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Description 

TECHNICAL FIELD 

[0001] The present invention relates to a data provid- 
ing system providing content data and a method of 
same, a data providing apparatus, and a data process- 
ing apparatus. 

BACKGROUND ART 

[0002] There is a data providing system for distribut- 
ing encrypted content data to data processing appara- 
tuses of users concluding predetermined contracts and 
having the related data processing apparatuses decrypt 
and reproduce and record the content data. 
[0003] As one of such data providing systems, there 
is the conventional EMD (electronic music distribution) 
system for distributing music data. 
[0004] Figure 145 is a view of the configuration of a 
conventional EMD system 700. 

[0005] In the EMD system 700 shown in Fig. 145, con- 
tent providers 701a and 701b encrypt content data 
704a, 704b, and 704c and copyright information 705a, 
705b, and 705c by session key data obtained after mu- 
tual certification and supply them to a service provider 
71 0 on-line or supply by off-line. Here, the copyright in- 
formation 705a, 705b, and 705c include for example 
SCMS (serial copy management system) information, 
electronic watermark information requesting burying in 
the content data, and information concerning the copy- 
right requesting burying in a transmission protocol of the 
service provider 71 0. 

[0006] The service provider 71 0 decrypts the received 
content data 704a, 704b, and 704c and copyright infor- 
mation 705a, 705b, and 705c by using the session key 
data. 

[0007] Then, the service provider 71 0 buries the cop- 
yright information 705a, 705b, and 705c in the content 
data 704a, 704b, and 704c decrypted or received off- 
line to produce content data 707a, 707b, and 707c. At 
this time, the service provider 710 changes predeter- 
mined frequency domains of for example the electronic 
watermark information among the copyright information 
705a, 705b, and 705c and buries them in the content 
data 704a, 704b, and 704c and buries the SCMS infor- 
mation in a network protocol used when transmitting the 
related content data to the user. 

[0008] Further, the service provider 71 0 encrypts the 
content data 707a, 707b, and 707c by using content key 
data Kca, Kcb, and Kcc read out from a key database 
706. Thereafter, the service provider 710 encrypts a se- 
cure container 722 storing the encrypted content data 
707a, 707b, and 707c by the session key data obtained 
after the mutual certification and transmits the same to 
a CA (conditional access) module 711 existing in a ter- 
minal 709 of the user. 

[0009] The CA module 71 1 decrypts the secure con- 



tainer 722 by using the session key data. Also, the CA 
module 71 1 receives the content key data Kca, Kcb, and 
Kcc from the key database 706 of the service provider 
710 by using a charge function such as an electronic 

5 settlement and CA and decrypts them by using the ses- 
sion key data. By this, in the terminal 709, it becomes 
possible to decrypt the content data 707a, 707b, and 
707c by using the content key data Kca, Kcb, and Kcc. 
[0010] At this time, the CA module 711 performs 

10 charge processing in units of content, produces charge 
information 721 in accordance with a result of this, and 
encrypts this by the session key data and then transmits 
the same to a right clearing module 720 of the service 
provider 710. 

*5 [0011] In this case, the CA module 711 collects items 
to be managed by the service provider 71 0 concerning 
services provided by itself, that is, the contract (update) 
information and the monthly basic fee and other network 
rent of the users, performs the charge processing in 

20 units of the content, and ensure security of a physical 
layer of the network. 

[0012] The service provider 71 0 performs distributes 
profit among the service provider 710 and the content 
providers 701a, 701b, and 701c when receiving the 

25 charge information 721 from the CA module 711 . 

[0013] At this time, the profit is distributed from the 
service provider 710 to the content providers 701a, 
701 b, and 701 c via for example the JASRAC (Japanese 
Society for Rights of Authors, Composers, and Publish- 

30 ers). Also, the profit of the content provider is distributed 
to copyright owner, an artist, a song writer, and/or com- 
poser of the related content data and their affiliated pro- 
duction companies by the JASRAC. 
[0014] Also, in the terminal 709, when recording the 

35 content data 707a, 707b, and 707c decrypted by using 
the content key data Kca, Kcb, and Kcc in a RAM type 
storage medium 723 or the like, copying is controlled by 
rewriting SCMS bits of the copyright information 705a, 
705b, and 705c. Namely, on the user side, copying is 

40 controlled based on the SCMS bits buried in the content 
data 707a, 707b, and 707c to achieve protection of the 
copyright. 

[0015] The SCMS prohibits copying of the content da- 
ta over for example two generations. Copying of one 
45 generation can be carried out without restriction, how- 
ever, so there is a problem of insufficient protection of 
the copyright owner. 

[0016] Also, in the EMD system 700 : the content data 
not encrypted by the service provider 710 can be tech- 
no nically freely handled, so interested parties of the con- 
tent provider 71 0 must monitor actions etc. of the service 
provider 710, so there are problems in that the load of 
the related monitoring is large and, at the same time, 
there is a high possibility of improper loss of the profit 
55 of the content provider 701 . 

[0017] Also, in the EMD system 700, it is difficult to 
restrict acts of the terminal 709 of the user authoring the 
content data distributed from the service provider 710 
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and redistributing the same to another terminal etc., so 
there is the problem of the improper loss of the profit of 
the content provider 701 . 

DISCLOSURE THE INVENTION 5 

[0018] The present invention was made in consider- 
ation with the problems of the related art mentioned 
above and has as an object thereof to provide a data 
providing system capable of adequately protecting the 
profit of right holders (interested parties) of the content 
provider and a method of the same. 
[0019] Also, another object of the present invention is 
to provide a data providing system capable of reducing 
the load of inspection for protecting the profit of the right 
holders of the content provider and a method of the 
same. 

[0020] To solve the problems of the prior art men- 
tioned above and achieve the above objects, a data pro- 
viding system of a first aspect of the present invention 
is preferably a data providing system for distributing 
content data from a data providing apparatus to a data 
processing apparatus and managing the data providing 
apparatus and the data processing apparatus by a man- 
agement apparatus, wherein the management appara- 
tus produces a key file storing encrypted content key 
data and encrypted usage control policy data indicating 
handling of the content data, the data providing appara- 
tus provides the content data encrypted by using the 
content key data, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the key file and determines the handling 
of the content data based on the related decrypted us- 
age control policy data. 

[0021] The mode of operation of the data providing 
system of the first aspect of the present invention be- 
comes as follows. 

[0022] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0023] Then, the content data encrypted by using the 
content key data is provided from the data providing ap- 
paratus to the data processing apparatus. 
[0024] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the key file are decrypted, and the handling of 
the content data is determined based on the related de- 
crypted usage control policy data. 
[0025] Also, a data providing system of a second as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 



data indicating handling of the content data, the data 
providing apparatus distributes a module storing a con- 
tent file storing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 
distributed module and determines the handling of the 
content data based on the related decrypted usage con- 
trol policy data. 

[0026] The mode of operation of the data providing 
system of the second aspect of the present invention 
becomes as follows. 

[0027] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[0028] Then, the related produced key file is distribut- 
ed from the management apparatus to the data provid- 
ing apparatus. 

[0029] Then, the module storing the content file stor- 
ing the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus is distributed from the data providing apparatus 
to the data processing apparatus, 
[0030] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0031] A data providing system of a third aspect of the 
present invention is a data providing system for distrib- 
uting content data from a data providing apparatus to a 
data processing apparatus and managing the data pro- 
viding apparatus and the data processing apparatus by 
a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating handling of the content data, the data providing 
apparatus distributes a module storing a content file 
containing content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus, and the da- 
ta processing apparatus decrypts the content key data 
and the usage control policy data stored in the distrib- 
uted module and determines the handling of the content 
data based on the related decrypted usage control pol- 
icy data. 

[0032] The mode of operation of the data providing 
system of the third aspect of the present invention be- 
comes as follows. 

[0033] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0034] Then, the module storing the content file con- 
taining the content data encrypted by using the content 
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key data and the key file received from the management 
apparatus is distributed from the data providing appara- 
tus to the data processing apparatus. 
[0035] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0036] Also, a data providing system of a fourth as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data, the data 
providing apparatus individually distributes the content 
file storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0037] The mode of operation of the data providing 
system of the fourth aspect of the present invention be- 
comes as follows. 

[0038] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0039] Then, in the data providing apparatus, the con- 
tent file storing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are distributed. 
[0040] Then t in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is determined based on the related decrypt- 
ed usage control policy data. 

[0041] Also, a data providing system of a fifth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data and distrib- 
utes the related produced key file to the data processing 
apparatus, the data providing apparatus distributes a 
content file storing the content data encrypted by using 
the content key data to the data processing apparatus, 
and the data processing apparatus decrypts the content 



key data and the usage control policy data stored in the 
distributed key file and determines the handling of the 
content data stored in the distributed content file based 
on the related decrypted usage control policy data. 
5 [0042] The mode of operation of the data providing 
system of the fifth aspect of the present invention be- 
comes as follows. 

[0043] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
10 ed usage control policy data indicating the handling of 
the content data is produced. 

[0044] The related produced key file is distributed 
from the management apparatus to the data processing 
apparatus. 

15 [0045] Also, the content file storing the content data 
encrypted by using the content key data is distributed 
from the data providing apparatus to the data process- 
ing apparatus. 

[0046] Then, in the data processing apparatus, the 

20 content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is determined based on the related decrypt- 
ed usage control policy data. 

25 [0047] Also, a data providing system of a sixth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 

30 paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data, the data 
providing apparatus distributes a module storing the 

35 content data encrypted by using the content key data 
and the key file received from the management appara- 
tus to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 

40 module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0048] The mode of operation of the data providing 
system of the sixth aspect of the present invention be- 
45 comes as follows. 

[0049] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
50 key file is sent to the data providing apparatus. 

[0050] Then, the module storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus is distributed 
from the data providing apparatus to the data process- 
es ing apparatus. 

[0051] Then, in the data processing -apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
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handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0052] Also, a data providing system of a seventh as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data, the data 
providing apparatus individually distributes the content 
data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key tile and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0053] The mode of operation of the data providing 
system of the seventh aspect of the present invention 
becomes as follows. 

[0054] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0055] Then, the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are individually distributed from the 
data providing apparatus to the data processing appa- 
ratus. 

[0056] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 
based on the related decrypted usage control policy da- 
ta. 

[0057] Also, a data providing system of an eighth as- 
pect of the present invention is a data providing system 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating handling of the content data and distrib- 
utes the related produced key file to the data processing 
apparatus, the data processing apparatus distributes 
the content data encrypted by using the content key data 
to the data processing apparatus, and the data process- 
ing apparatus decrypts the content key data and the us- 
age control policy data stored in the distributed key file 
and determines the handling of the distributed content 
data based on the related decrypted usage control pol- 
icy data. 

[0058] The mode of operation of the data providing 



system of the eighth aspect of the present invention be- 
comes as follows. 

[0059] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 

5 ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is sent to the data processing apparatus. 
[0060] Also, the content data encrypted by using the 
content key data are distributed from the data providing 

10 apparatus to the data processing apparatus. 

[0061] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 

*5 based on the related decrypted usage control policy da- 
ta. 

[0062] Also, a data providing system of a ninth aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

20 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating 

25 handling of the content data, the data providing appara- 
tus individually distributes the content data encrypted by 
using the content key data, the encrypted content key 
data received from the management apparatus, and the 
encrypted usage control policy data to the data process- 

30 ing apparatus, and the data processing apparatus de- 
crypts the distributed content key data and the usage 
control policy data and determines the handling of the 
content data stored in the distributed content file based 
on the related decrypted usage control policy data. 

35 [0063] The mode of operation of the data providing 
system of the ninth aspect of the present invention be- 
comes as follows. 

[0064] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
40 data indicating the handling of the content data are pro- 
duced, and they are sent to the data providing appara- 
tus. 

[0065] Then, the content data encrypted by using the 
content key data and the encrypted content key data 
^5 and the encrypted usage control policy data received 
from the management apparatus are individually distrib- 
uted from the data providing apparatus to the data 
processing apparatus. 

[0066] Then, in the data processing apparatus, the 
so distributed content key data and the usage control policy 
data are decrypted, and the handling of the content data 
stored in the distributed content file is determined based 
on the related decrypted usage control policy data. 
[0067] Also, a data providing system of a 1 0th aspect 
55 of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
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paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating 
handling of the content data and distributes the same to 
the data processing apparatus, the data providing ap- 
paratus distributes the content data encrypted by using 
the content key data to the data processing apparatus, 
and the data processing apparatus decrypts the distrib- 
uted content key data and the usage control policy data 
and determines the handling of the distributed content 
data based on the related decrypted usage control pol- 
icy data. 

[0068] The mode of operation of the data providing 
system of the 10th aspect of the present invention be- 
comes as follows. 

[0069] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
data indicating the handling of the content data are pro- 
duced, and they are sent to the data processing appa- 
ratus. 

[0070] Also, the content data encrypted by using the 
content key data are distributed from the data providing 
apparatus to the data processing apparatus. 
[0071] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 
data are decrypted, and the handling of the distributed 
content data is determined based on the related de- 
crypted usage control policy data. 
[0072] Also, a data providing system of an 1 1th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a data processing apparatus, and a manage- 
ment apparatus, wherein the management apparatus 
produces a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, the data providing appara- 
tus provides the content data encrypted by using the 
content key data, the data distribution apparatus distrib- 
utes the provided content data to the data processing 
apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the key file and determines the handling of the 
distributed content data based on the related decrypted 
usage control policy data. 

[0073] The mode of operation of the data providing 
system of the 11th aspect of the present invention be- 
comes as follows. 

[0074] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[0075] Then, the content data encrypted by using the 
content key data is provided from the data providing ap- 
paratus to the data distribution apparatus. 
[0076] Then, the provided content data is distributed 
from the data distribution apparatus to the data process- 
ing apparatus. 

[0077] Then, in the data processing apparatus, the 



content key data and the usage control policy data 
stored in the key file are decrypted, and the handling of 
the distributed content data is determined based on the 
related decrypted usage control policy data. 

5 [0078] Also, a data providing system of a 1 2th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

10 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 

is control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing a content file storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus to the data 

20 distribution apparatus, the data distribution apparatus 
distributes a second module storing the provided con- 
tent file and the key file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 

25 stored in the distributed second module and determines 
the handling of the content data stored in the distributed 
second module based on the related decrypted usage 
control policy data. 

[0079] The mode of operation of the data providing 
30 system of the 12th aspect of the present invention be- 
comes as follows. 

[0080] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 

35 the content data is produced, and the related produced 
key file is sent to the data providing apparatus. 
[0081] Then, the first module storing the content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 

40 apparatus is provided from the data providing apparatus 
to the data distribution apparatus. 
[0082] Then, the second module storing the provided 
content file and the key file is distributed from the data 
distribution apparatus to the data processing apparatus. 

45 [0083] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data stored in the dis- 
tributed second module is determined based on the re- 

50 lated decrypted usage control policy data. 

[0084] Also, a data providing system of a 13th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 

55 data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
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wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing a content file containing the content data en- 5 
crypted by using the content key data and a key file re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the provided content 
file to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0085] Also, a data providing system of a 1 4th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes a content file storing the content data encrypted by 
using the content key data and the key file received from 
the management apparatus to the data distribution ap- 
paratus, the data distribution apparatus individually dis- 
tributes the distributed content file and key file to the da- 
ta processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0086] Also, a data providing system of a 1 5th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data providing apparatus 
provides a content file storing the content data encrypt- 
ed by using the content key data to the data distribution 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 



data. 

[0087] Also, a data providing system of a 1 6th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the data distribution apparatus, the 
data distribution apparatus distributes a second module 
storing the provided content data and the key file to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed second mod- 
ule and determines the handling of the content data 
stored in the distributed second module based on the 
related decrypted usage control policy data. 
[0088] Also, a data providing system of a 1 7th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus to the data distribution apparatus, the data dis- 
tribution apparatus individually distributes the distribut- 
ed content data and the key file to the data distribution 
apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key file and determines the han- 
dling of the distributed content data based on the related 
decrypted usage control policy data. 
[0089] Also, a data providing system of an 1 8th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data processing apparatus 
provides the content data encrypted by using the con- 
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tent key data to the data distribution apparatus, the data 
distribution apparatus distributes the provided content 
data to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the distributed 
content data based on the related decrypted usage con- 
trol policy data. 

[0090] Also, a data providing system of a 1 9th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data providing apparatus, the data providing apparatus 
individually distributes the content data encrypted by us- 
ing the content key data and the encrypted content key 
data and the encrypted usage control policy data re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus indi- 
vidually distributes the distributed content data, the en- 
crypted content key data, and the encrypted usage con- 
trol policy data to the data distribution apparatus, and 
the data processing apparatus decrypts the distributed 
content key data and the usage control policy data and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0091] Also, a data providing system of a 20th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data processing apparatus, the data providing appara- 
tus provides the content data encrypted by using the 
content key data to the data distribution apparatus, the 
data distribution apparatus distributes the provided con- 
tent data to the data processing apparatus, and the data 
processing apparatus decrypts the distribute the con- 
tent key data and the usage control policy data and de- 
termines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0092] Also, a data providing system of a 21 st aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 



ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
5 paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 

10 control policy data indicating the handling of the content 
data, and provides the content file and the key file to the 
data distribution apparatus, the data distribution appa- 
ratus distributes the provided content file and the key 
file to the data processing apparatus, and the data 

'5 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

20 [0093] Also, a data providing system of a 22nd aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 

25 provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 

30 data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file to the data distribution 

35 apparatus, provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 

40 stored in the distributed key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0094] Also, a data providing system of a 23rd aspect 
45 of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides a content file storing encrypted content data 
so using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 
the encrypted content key data and encrypted usage 
55 control policy data indicating the handling of the content 
data, and provides the content file provided from the da- 
ta providing apparatus and the produced key file to the 
data distribution apparatus, the data distribution appa- 
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ratus distributes the provided content file and the key 
file to the data processing apparatus, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 5 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0095] Also, a data providing system of a 24th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 
the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, provides the content file provided from the data 
providing apparatus to the data distribution apparatus, 
and provides the produced key file to the data process- 
ing apparatus, the data distribution apparatus distrib- 
utes the provided content file to the data processing ap- 
paratus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0096] Also, a data providing system of a 25th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file and a key file provided from the manage- 
ment apparatus in the database device, the manage- 
ment apparatus produces the key file storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the related produced key file to the data 
providing apparatus, the data distribution apparatus dis- 
tributes the content file and key file obtained from the 
database device to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0097] Also, a data providing system of a 26th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 



key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file in the database device, the management ap- 
paratus produces the key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data distribution ap- 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0098] Also, a data providing system of a 27th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
content file in the database device, the management ap- 
paratus produces the key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data processing ap- 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0099] Also, a data providing system of a 28th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es produce key files storing the encrypted content key 
data and the encrypted usage control policy data indi- 
cating the handling of the content data for the content 
data provided by corresponding data providing appara- 
tuses, and provide the related produced key files to cor- 
responding data providing apparatuses, the data distri- 
bution apparatus distributes the content files and key 
files obtained from the database device to the data 
processing apparatus, and the data processing appara- 
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tus decrypts the content key data and the usage control 
policy data stored in the distributed key files and deter- 
mines the handling of the content data stored in the dis- 
tributed content files based on the related decrypted us- 
age control policy data. 

[0100] Also, a data providing system of a 29th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses, and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
key files provided from the management apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0101] Also, a data providing system of a 30th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses, and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0102] Also, a data providing system of a 31st aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 



master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 
5 crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 
produce the content files storing the related encrypted 
content data, produce key files storing the encrypted 
content key data and encrypted usage control policy da- 
10 ta indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
15 the content files and key files obtained from the data- 
base device to the data processing apparatus, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of the con- 
20 tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0103] Also, a data providing system of a 32nd aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
25 tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses, and store content files received 
30 from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce the con- 
tent files storing the related encrypted content data, 
35 send the related produced content files to the data pro- 
viding apparatuses, produce key files storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
for the content data provided by corresponding data pro- 
40 viding apparatuses, and send the produced key files to 
corresponding data distribution apparatus, the data dis- 
tribution apparatus distributes the content files obtained 
from the database device and the key files provided from 
the management apparatuses to the data processing 
45 apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
contentfiles based on the related decrypted usage con- 
50 trol policy data. 

[0104] Also, a data providing system of a 33rd aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
55 tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
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from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce the con- 
tent files storing the related encrypted content data, 
send the related produced content files to the data pro- 
viding apparatuses, produce key files storing the en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
for the content data provided by corresponding data pro- 
viding apparatuses, and send the produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device and the key files provided from the 
management apparatuses to the data processing appa- 
ratus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key files and determines the han- 
dling of the content data stored in the distributed content 
files based on the related decrypted usage control policy 
data. 

[0105] Also, a data providing method of a first aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus provides the content data encrypt- 
ed by using the content key data, and the data process- 
ing apparatus decrypts the content key data and the us- 
age control policy data stored in the key file and deter- 
mines the handling of the content data based on the re- 
lated decrypted usage control policy data. 
[0106] Also, a data providing method of a second as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus : preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the produced key file from the 
management apparatus to the data providing appara- 
tus, distributing a module storing a content file storing 
the content data encrypted by using the content key data 
and the key file distributed from the management appa- 
ratus from the data providing apparatus to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the distributed module and 
determining the handling of the content data based on 
the related decrypted usage control policy data. 
[01 07] Also, a data providing method of a third aspect 
of the present invention is a data providing method for 



distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 

5 steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing a content file containing the content 

10 data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module 

15 and determining the handling of the content data based 
on the related decrypted usage control policy data. 
[0108] Also, a data providing method of a fourth as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 

20 ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 

25 usage control policy data indicating the handling of the 
content data, distributing the related key file from the 
management apparatus to the data providing appara- 
tus, individually distributing a content file storing the 
content data encrypted by using the content key data 

30 and the key file received from the management appara- 
tus from the data providing apparatus to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the distributed key file and 

35 determining the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0109] Also, a data providing method of a fifth aspect 
of the present invention is a data providing method for 

40 distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 

15 file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related key file from the 
management apparatus to the data processing appara- 
tus, distributing a content file storing the content data 

50 encrypted by using the content key data from the data 
providing apparatus to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 

55 handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[01 10] Also, a data providing method of a sixth aspect 
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of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the s 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing the content data encrypted by using 10 
the content key data and the key file received from the 
management apparatus to the data processing appara- 
tus, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed module and determining the is 
handling of the content data based on the related de- 
crypted usage control policy data. 
[01 11 ] Also, a data providing method of a seventh as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 20 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 25 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, individu- 
ally distributing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus, 30 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 35 
[01 12] Also, a data providing method of an eighth as- 
pect of the present invention is a data providing method 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 40 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 45 
to the data processing apparatus, in the data providing 
apparatus, distributing the content data encrypted by 
using the content key data to the data processing appa- 
ratus, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data so 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[01 1 3] Also, a data providing method of a ninth aspect 
of the present invention is a data providing method for 55 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 



paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
in the data providing apparatus, individually distributing 
the content data encrypted by using the content key data 
and the encrypted content key data and the encrypted 
usage control policy data received from the manage- 
ment apparatus to the data processing apparatus, and 
in the data processing apparatus, decrypting the distrib- 
uted content key data and the usage control policy data 
and determining the handling of the content data stored 
in the distributed content file based on the related de- 
crypted usage control policy data. 
[0114] Also, a data providing method of a 10th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and distributing the same to the data processing appa- 
ratus, in the data providing apparatus, distributing the 
content data encrypted by using the content key data to 
the data processing apparatus, and in the data process- 
ing apparatus, decrypting the distributed content key da- 
ta and the usage control policy data and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0115] Also, a data providing method of an 11th as- 
pect of the present invention is a data providing method 
using a data providing apparatus, a data distribution ap- 
paratus, a data processing apparatus, and a manage- 
ment apparatus, comprising the steps of, in the man- 
agement apparatus, preparing a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, provid- 
ing the content data encrypted by using the content key 
data from the data providing apparatus to the data dis- 
tribution apparatus, in the data distribution apparatus, 
distributing the provided content data to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the content key data and the usage 
control policy data stored in the key file and determining 
the handling of the distributed content data based on the 
related decrypted usage control policy data. 
[01 16] Also, a data providing method of a 1 2th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
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and encrypted usage control policy data indicating the 
handling of the content data, distributing the related pro- 
duced key file from the management apparatus to the 
data providing apparatus, providing a first module stor- 
ing a content file storing the content data encrypted by 5 
using the content key data and the key file received from 
the management apparatus from the data providing ap- 
paratus to the data distribution apparatus, and distribut- 
ing a second module storing the provided content file 
and the key file from the data distribution apparatus to 
the data processing apparatus, and in the data process- 
ing apparatus, decrypting the content key data and the 
usage control policy data stored in the distributed sec- 
ond module and determining the handling of the content 
data stored in the distributed second module based on 
the related decrypted usage control policy data. 
[01 1 7] Also, a data providing method of a 1 3th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing a content file 
containing the content data encrypted by using the con- 
tent key data and a key file received from the manage- 
ment apparatus to the data distribution apparatus, in the 
data distribution apparatus, distributing a second mod- 
ule storing the provided content file to the data process- 
ing apparatus, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data stored in 
the distributed second module based on the related de- 
crypted usage control policy data. 
[0118] Also, a data providing method of a 14th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, distributing the produced 
key file from the management apparatus to the data pro- 
viding apparatus, individually distributing a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus from the data providing apparatus to the data 
distribution apparatus, individually distributing the dis- 



tributed content file and the key file from the data distri- 
bution apparatus to the data distribution apparatus, and 
in the data processing apparatus, decrypting the content 
key data and the usage control policy data stored in the 
distributed key file and determining the handling of the 
content data stored in the distributed content file based 
on the related decrypted usage control policy data. 
[01 19] Also, a data providing method of a 1 5th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 
from the management apparatus to the data processing 
apparatus, providing a content file storing the content 
data encrypted by using the content key data from the 
data providing apparatus to the data distribution appa- 
ratus, and distributing the provided content file from the 
data distribution apparatus to the data processing ap- 
paratus, and in the data processing apparatus, decrypt- 
ing the content key data and the usage control policy 
data stored in the distributed key file and determining 
the handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0120] Also, a data providing method of a 1 6th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content, 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing the content data 
encrypted by using the content key data and the key file 
received from the management apparatus to the data 
distribution apparatus, in the data distribution appara- 
tus, distributing a second module storing the provided 
content data and the key file to the data processing ap- 
paratus, and in the data processing apparatus, decrypt- 
ing the content key data and the usage control policy 
data stored in the distributed second module and deter- 
mining the handling of the content data stored in the dis- 
tributed second module based on the related decrypted 
usage control policy data. 

[01 21 ] Also, a data providing method of a 1 7th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
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processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 5 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, individually distributing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus to the data 10 
distribution apparatus, in the data distribution appara- 
tus, individually distributing the distributed content data 
and the key file to the data distribution apparatus, and 
in the data processing apparatus, decrypting the content 
key data and the usage control policy data stored in the *5 
distributed key file and determining the handling of the 
distributed content data based on the related decrypted 
usage control policy data. 

[0122] Also, a data providing method of an 18th as- 
pect of the present invention is a data providing method 20 
for distributing content data from a data providing appa- 
ratus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 25 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data and distributing the related produced key 
file to the data processing apparatus, in the data provid- 
ing apparatus, providing the content data encrypted by 30 
using the content key data to the data distribution appa- 
ratus, in the data distribution apparatus, distributing the 
provided content data to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 35 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0123] Also, a data providing method of a 1 9th aspect 
of the present invention is a data providing method for 40 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 45 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
providing encrypted content key data and encrypted us- 
age control policy data indicating the handling of the 
content data to the data providing apparatus, in the data so 
providing apparatus, individually distributing the content 
data encrypted by using the content key data and the 
encrypted content key data and the encrypted usage 
control policy data which are received from the manage- 
ment apparatus to the data distribution apparatus, in the 55 
data distribution apparatus, individually distributing the 
distributed content data, the encrypted content key data, 
and the encrypted usage control policy data to the data 



distribution apparatus, and in the data processing appa- 
ratus, decrypting the distributed content key data and 
the usage control policy data and determining the han- 
dling of the distributed content data based on the related 
decrypted usage control policy data. 
[0124] Also, a data providing method of a 20th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
distributing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data to the data processing apparatus, in the 
data providing apparatus, distributing the content data 
encrypted by using the content key data to the data dis- 
tribution apparatus, in the data distribution apparatus, 
distributing the provided content data to the data 
processing apparatus, and in the data processing appa- 
ratus, decrypting the distributed content key data and 
the usage control policy data and determining the han- 
dling of the distributed content data based on the related 
decrypted usage control policy data. 
[0125] Also, a data providing method of a 21st aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file and the key file to the data 
distribution apparatus, the data distribution apparatus 
distributes the provided content file and the key file to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[01 26] Also, a data providing method of a 22nd aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
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provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file to the data distribution ap- 
paratus and provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[01 27] Also, a data providing method of a 23rd aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
provides the content file provided from the data provid- 
ing apparatus and the produced key file to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes the provided content file and the key file to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[01 28] Also, a data providing method of a 24th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
provides the content file provided from the data provid- 
ing apparatus to the data distribution apparatus, and 
provides the produced key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 



file based on the related decrypted usage control policy 
data. 

[01 29] Also, a data providing method of a 25th aspect 
of the present invention is a data providing method using 

5 a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 

w ed content data, and stores the related produced con- 
tent file and a key file provided from the management 
apparatus in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 

15 indicating the handling of the content data and provides 
the related produced key file to the data providing ap- 
paratus, the data distribution apparatus distributes the 
content file and key file obtained from the database de- 
vice to the data processing apparatus, and the data 

20 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

25 [01 30] Also, a data providing method of a 26th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 

30 apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 
tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 

35 key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
related produced key file to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 

40 key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the content data stored in 

45 the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0131] Also, a data providing method of a 27th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 

so tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 

55 tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
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related produced key file to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus, and the data processing 5 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. w 
[01 32] Also, a data providing method of a 28th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- is 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 20 
es in the database device, the management apparatus- 
es produce the key files storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data for the content 
data provided by corresponding data providing appara- 25 
tuses and provide the related produced key files to cor- 
responding data providing apparatuses, the data distri- 
bution apparatus distributes the content files and key 
files obtained from the database device to the data 
processing apparatus, and the data processing appara- 30 
tus decrypts the content key data and the usage control 
policy data stored in the distributed key files and deter- 
mines the handling of the content data stored in the dis- 
tributed content files based on the related decrypted us- 
age control policy data. 35 
[0133] Also, a data providing method of a 29th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 40 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce the key 45 
files storing the encrypted content key data and encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data distribution appa- so 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
key files provided from the management apparatuses to 
the data processing apparatus, and the data processing 
apparatus decrypts the content key data and the usage 55 
control policy data stored in the distributed key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 



crypted usage control policy data. 
[01 34] Also, a data providing method of a 30th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce the key 
files storin g the encrypted content key data and encrypt- 
ed usage control policy data indicating the handling of 
the content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus, and the data processing ap- 
paratus decrypts the content key data and the usage 
control policy data stored in the provided key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0135] Also, a data providing method of a 31st aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 
crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 
produce content files storing the related encrypted con- 
tent data, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
the content files and key files obtained from the data- 
base device to the data processing apparatus, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of the con- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0136] Also, a data providing method of a 32nd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
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agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files to 
corresponding data distribution apparatus, the data dis- 
tribution apparatus distributes the content files obtained 
from the database device and key files provided from 
the management apparatuses to the data processing 
apparatus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[01 37] Also, a data providing method of a 33rd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and provide the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus, and 
the data processing apparatus decrypts the content key 
data and the usage control policy data stored in the pro- 
vided key files and determines the handling of the con- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0138] Also, a data providing system of a 34th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus, wherein the data 
providing apparatus distributes a module storing the 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 
trol policy data indicating the handling of the content da- 
ta to the data processing apparatus by using a prede- 



termined communication protocol in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
5 the usage control policy data stored in the distributed 
module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0139] The mode of operation of the data providing 
10 system of the 34th aspect of the present invention be- 
comes as follows. 

[01 40] The module storing the content data encrypted 
by using the content key data, the encrypted content key 
data, and the encrypted usage control policy data indi- 
'5 eating the handling of the content data is distributed from 
the data providing apparatus to the data processing ap- 
paratus. 

[0141] At this time, the related module is distributed 
from the data providing apparatus to the data process- 
20 ing apparatus by using a predetermined communication 
protocol in a format not depending upon the related 
communication protocol or while being recorded on a 
storage medium. 

[0142] Then, in the data processing apparatus, the 

25 content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0143] In this way, by storing the usage control policy 

30 data indicating the handling of the related content data 
in the module storing the content data, in the data 
processing apparatus, it becomes possible to handle 
(use) the content data based on the usage control policy 
data produced by the interested parties of the data pro-. 

35 viding apparatus. 

[0144] Also, the module is distributed from the data 
providing apparatus to the data processing apparatus 
in the format not depending upon a predetermined com- 
munication protocol, so a compression method, encryp- 

^o tion method, etc. of the content data stored in the mod- 
ule can be freely determined by the data providing ap- 
paratus. 

[0145] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the module 

45 further storing signature data for verifying a legitimacy 
of a producer and a transmitter of at least one data 
among the content data, the content key data, and the 
usage control policy data is distributed to the data 
processing apparatus. 

so [0146] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the data pro- 
viding apparatus distributes the module further storing 
at least one data between data for verifying if the related 
data is not tampered with and signature data for verify- 

55 ing if the related data was normally certified by a prede- 
termined manager for at least one data among the con- 
tent data, the content key data, and the usage control 
policy data to the data processing apparatus. 
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[0147] Also, in the data providing system of the 34th 
aspect of the present invention, preferably the data 
processing apparatus determines a purchase form of 
the content data based on the usage control policy data, 
and where the content data is transferred to another da- 
ta processing apparatus, the signature data indicating 
the legitimacy of the purchaser of the related content 
data and the signature data indicating the legitimacy of 
the transmitter of the related content data are made dif- 
ferent. 

[0148] A data providing system of 35th aspect of the 
present invention is a data providing system for distrib- 
uting content data from a data providing apparatus to a 
data processing apparatus and managing the data pro- 
viding apparatus and the data processing apparatus by 
a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data, the data provid- 
ing apparatus distributes a module storing a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus by using a 
predetermined communication protocol in a format not 
depending upon the related communication protocol or 
by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed module and determines the handling of the con- 
tent data based on the related decrypted usage control 
policy data. 

[0149] The mode of operation of the data providing 
system of the 35th aspect of the present invention be- 
comes as follows. 

[0150] In the management apparatus, the key file 35 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced. 

[01 51 ] Then , the related produced key file is distribut- 
ed from the management apparatus to the data provid- 40 
ing apparatus. 

[01 52] Then, the module storing the content file stor- 
ing the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus is distributed from the data providing apparatus 45 
to the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0153] Then, in the data processing apparatus, the so 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0154] Also, in the data providing system of the 35th 55 
aspect of the present invention, preferably the manage- 
ment apparatus produces signature data for verifying 
the legitimacy of the producer of the key file and produc- 



es the key file further storing the related signature data. 
[0155] Also, in the data providing system of the 35th 
aspect of the present invention, preferably the data pro- 
viding apparatus produces the content key data and the 
5 usage control policy data and transmits the same to the 
management apparatus, and the management appara- 
tus produces the key file based on the received content 
key data and usage control policy data and registers the 
related produced key file. 
10 [0156] Also, a data providing apparatus of the present 
invention is a data providing apparatus which is man- 
aged by a management apparatus and distributes con- 
tent data to a data processing apparatus, receiving a 
key file storing encrypted content key data and encrypt- 
'5 ed usage control policy data indicating the handling of 
the content data from the management apparatus and 
distributing a module storing a content file storing the 
content data encrypted by using the content key data 
and the key file received from the management appara- 
20 tus to the data processing apparatus. 

[0157] Also, a data processing apparatus of the 
present invention is a data processing apparatus man- 
aged by a management apparatus and utilizing content 
data, receiving a module containing a key file storing en- 
25 crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and a content file storing the content data encrypted by 
using the content key data, determining at least one be- 
tween a purchase form and an usage form of the content 
30 data based on the usage control policy data, and trans- 
mitting a log data indicating the log of the determined at 
least one of the related purchase form and usage form 
to the management apparatus. 

[0158] Also, a data providing system of a 36th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus distributes a module storing a con- 
tent file containing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus to the data processing appara- 
tus by using a predetermined communication protocol 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed module and determines the 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0159] The mode of operation of the data providing 
system of the 36th aspect of the present invention be- 
comes as follows. 

[0160] In the management apparatus, the key file 
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storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0161] Then, the module storing the content file con- 
taining the content data encrypted by using the content 
key data and the key file received from the management 
apparatus is distributed from the data providing appara- 
tus to the data processing apparatus by using a prede- 
termined communication protocol in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0162] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0163] Also, a data providing system of a 37th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus individually distributes a content file 
storing the content data encrypted by using the content 
key data and the key file received from the management 
apparatus to the data processing apparatus by using a 
predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0164] The mode of operation of the data providing 
system of the 37th aspect of the present invention be- 
comes as follows. In the management apparatus, the 
key file storing the encrypted content key data and the 
encrypted usage control policy data indicating the han- 
dling of the content data is produced, and the related 
key file is sent to the data providing apparatus. 
[0165] Then, in the data processing apparatus, the 
content file storing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus are individually distributed to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0166] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is determined based on the related-decrypt- 



ed usage control policy data. 

[01 67] Also, a data providing system of a 38th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

5 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 

io data indicating the handling of the content data and dis- 
tributes the related produced key file to the data 
processing apparatus, the data providing apparatus dis- 
tributes a content file storing the content data encrypted 
by using the content key data to the data processing ap- 

*5 paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 

20 data stored in the distributed key file and determines the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0168] Below, an explanation will be made of the 
25 mode of operation of the data providing system of the 
38th aspect of the present invention. 
[0169] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
30 the content data is produced. 

[0170] The related produced key file is distributed 
from the management apparatus to the data processing 
apparatus. 

[0171] Also, the content file storing the content data 
35 encrypted by using the content key data is distributed 
from the data providing apparatus to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or while being recorded on a 
40 storage medium. 

[0172] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the content data stored in the distributed 
content file is determined based on the related decrypt- 
ed usage control policy data. 

[0173] Also, a data providing system of a 39th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 

so tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 

55 data indicating the handling of the content data, the data 
providing apparatus distributes a module storing the 
content data encrypted by using the content key data 
and the key file received from the management appara- 
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tus to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0174] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
39th aspect of the present invention. 
[0175] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0176] Then, the module storing the content data en- 
crypted by using the content key data and the key file 
received from the management apparatus is distributed 
from the data providing apparatus to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or while being recorded on a 
storage medium. 

[0177] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed module are decrypted, and the 
handling of the content data is determined based on the 
related decrypted usage control policy data. 
[0178] Also, a data providing system of a 40th aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data, the data 
providing apparatus individually distributes the content 
data encrypted by using the content key data and the 
key file received from the management apparatus to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 
the same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0179] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
40th aspect of the present invention. 
[0180] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related key file is 



sent to the data providing apparatus. 
[0181] Then, the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus are individually distributed from the 
s data providing apparatus to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or while being recorded on a storage 
medium. 

10 [0182] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 
based on the related decrypted usage control policy da- 

'5 ta. 

[01 83] Also, a data providing system of a 41 st aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 

20 data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces a key file storing encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and dis- 

25 tributes the related produced key file to the data 
processing apparatus, the data providing apparatus dis- 
tributes the content data encrypted by using the content 
key data to the data processing apparatus by using a 
predetermined communication protocol but in a format 

30 not depending upon the related communication protocol 
or recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the dis- 

35 tributed content data based on the related decrypted us- 
age control policy data. 

[0184] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
41st aspect of the present invention. 

40 [0185] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 
the content data is produced, and the related produced 
key file is distributed to the data processing apparatus. 

45 [0186] Also, the content data encrypted by using the 
content key data is distributed from the data providing 
apparatus to the data processing apparatus by using a 
predetermined communication protocol but in a format 
not depending upon the related communication protocol 

50 or while being recorded on a storage medium. 

[0187] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed key file are decrypted, and the 
handling of the distributed content data is determined 

55 based on the related decrypted usage control policy da- 
ta. 

[0188] Also, a data providing system of a 42nd aspect 
of the present invention is a data providing system for 
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distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 5 
ta and encrypted usage control policy data indicating the 
handling of the content data, the data providing appara- 
tus individually distributes the content data encrypted by 
using the content key data and the encrypted content 
key data and the encrypted usage control policy data 10 
received from the management apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and the data processing '5 
apparatus decrypts the distributed content key data and 
the usage control policy data and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 20 
[0189] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
42nd aspect of the present invention. 
[0190] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 25 
data indicating the handling of the content data are pro- 
duced and are sent to the data providing apparatus. 
[0191] Then, the content data encrypted by using the 
content key data and the encrypted content key data 
and the encrypted usage control policy data received 30 
from the management apparatus are individually distrib- 
uted from the data providing apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or while being re- 35 
corded on a storage medium. 

[0192] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 
data are decrypted, and the handling of the content data 
stored in the distributed content file is determined based 40 
on the related decrypted usage control policy data. 
[0193] Also, a data providing system of a 43rd aspect 
of the present invention is a data providing system for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 45 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, wherein the man- 
agement apparatus produces encrypted content key da- 
ta and encrypted usage control policy data indicating the 
handling of the content data and distributes the same to so 
the data processing apparatus, the data providing ap- 
paratus distributes the content data encrypted by using 
the content key data to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 55 
tion protocol or recording the same on a storage rnedi^ 
um, and the data processing apparatus decrypts the dis- 
tributed content key data and the usage control policy 



data and determines the handling of the distributed con- 
tent data based on the related decrypted usage control 
policy data. 

[0194] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
43rd aspect of the present invention. 
[0195] In the management apparatus, the encrypted 
content key data and the encrypted usage control policy 
data indicating the handling of the content data are pro- 
duced and are distributed to the data processing appa- 
ratus. 

[0196] Then, the content data encrypted by using the 
content key data is distributed from the data providing 
apparatus to the data processing apparatus by using a 
predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or while being recorded on a storage medium. 
[0197] Then, in the data processing apparatus, the 
distributed content key data and the usage control policy 
data are decrypted, and the handling of the distribution 
the content data is determined based on the related de- 
crypted usage control policy data. 
[0198] Also, a data providing system of a 44th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus provides a first module storing 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 
trol policy data indicating the handling of the content da- 
ta to the data distribution apparatus, the data distribution 
apparatus distributes a second module storing the en- 
crypted content data, content key data, and the usage 
control policy data stored in the provided first module to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data based on the related decrypted usage control 
policy data. 

[0199] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
44th aspect of the present invention. 
[0200] The first module storing the content data en- 
crypted by using the content key data, the encrypted 
content key data, and the encrypted usage control policy 
data indicating the handling of the content data is pro- 
vided from the data providing apparatus to the data dis- 
tribution apparatus by for example using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or 
while being recorded on a storage medium. 
[0201 ] Next, the second module storing the encrypted 
content data, content key data, and the usage control 
policy data stored in the provided first module is distrib- 
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uted from the data distribution apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or while being re- 
corded on a storage medium. 

[0202] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data is determined 
based on the related decrypted usage control policy da- 
ta. 

[0203] In this way, by storing the usage control policy 
data indicating the handling of the related content data 
in the first module and second module storing the con- 
tent data, in the data processing apparatus, it becomes 
possible to have the data processing apparatus perform 
the handling (usage) of the content data based on the 
usage control policy data produced by the interested 
parties of the data providing apparatus. 
[0204] Also, the second module is distributed from the 
data distribution apparatus to the data processing ap- 
paratus in a format not depending upon on a predeter- 
mined communication protocol, so the compression 
method and encryption method etc. of the content data 
stored in the second module can be freely determined 
by the data providing apparatus. 

[0205] A data providing system of a 45th aspect of the 
present invention is a data providing system for provid- 
ing content data from a data providing apparatus to a 
data distribution apparatus, distributing the content data 
from the data distribution apparatus to a data processing 
apparatus, and managing the data providing apparatus, 
the data distribution apparatus, and the data processing 
apparatus by a management apparatus, wherein the 
management apparatus produces a key file storing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
the data providing apparatus provides a first module 
storing a content file storing the content data encrypted 
by using the content key data and the key file received 
from the management apparatus to the data distribution 
apparatus, the data distribution apparatus distributes a 
second module storing the provided content file and the 
key file to the data processing apparatus by using a pre- 
determined communication protocol but in a format not 
depending upon the related communication protocol or 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0206] Below, an explanation will be made of the 
mode of operation of the data providing system of the 
45th aspect of the present invention. 
[0207] In the management apparatus, the key file 
storing the encrypted content key data and the encrypt- 
ed usage control policy data indicating the handling of 



the content data is produced, and the related key file is 
sent to the data providing apparatus. 
[0208] Then, the first module storing the content file 
storing the content data encrypted by using the content 

5 key data and the key file received from the management 
apparatus is provided from the data providing apparatus 
to the data distribution apparatus. 
[0209] Then, the second module storing the provided 
content file and the key file is distributed from the data 

10 distribution apparatus to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or while being recorded on a storage me- 
dium. 

is [0210] Then, in the data processing apparatus, the 
content key data and the usage control policy data 
stored in the distributed second module are decrypted, 
and the handling of the content data stored in the dis- 
tributed second module is determined based on the re- 

20 lated decrypted usage control policy data. 

[0211] A data providing system of a 46th aspect of the 
present invention is a data providing system for provid- 
ing content data from a data providing apparatus to a 
data distribution apparatus, distributing the content data 

25 from the data distribution apparatus to a data processing 
apparatus, and managing the data providing apparatus, 
the data distribution apparatus, and the data processing 
apparatus by a management apparatus, wherein the 
management apparatus produces a key file storing en- 

30 crypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
the data providing apparatus provides a first module 
storing a content file containing the content data en- 
crypted by using the content key data and a key file re- 

35 ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the provided content 
file to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 

40 pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 

^5 tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0212] Also, a data providing system of a 47th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 

s o to a first data distribution apparatus and a second data 
distribution apparatus, distributing the content data from 
the first data distribution apparatus and the second data 
distribution apparatus to a data processing apparatus, 
and managing the data providing apparatus, the first da- 

55 ta distribution apparatus, the second data distribution 
apparatus, and the data processing apparatus by a 
management apparatus, wherein the management ap- 
paratus produces a key fife storing encrypted content 



22 



BNSDOCID: <EP 



43 



EP 1 132 828 A1 



44 



key data and encrypted usage control policy data indi- 
cating the handling of the content data, the data provid- 
ing apparatus provides a first module storing a content 
file storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the first data distribution apparatus 
and the second data distribution apparatus, the first data 
distribution apparatus distributes a second module stor- 
ing the provided content file and the key file to the data 
processing apparatus, the second data distribution ap- 
paratus distributes a third module storing the provided 
content file and the key file to the data processing ap- 
paratus, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed second module and the third 
module and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0213] Also, a data providing system of a 48th aspect 
of the present invention is a data providing system for 
providing first content data from a first data providing 
apparatus to a data distribution apparatus, providing 
second content data from a second data providing ap- 
paratus to the data distribution apparatus, distributing 
the content data from the data distribution apparatus to 
a data processing apparatus, and managing the first da- 
ta providing apparatus, the second data providing ap- 
paratus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a first 
key file storing an encrypted first content key data and 
an encrypted first usage control policy data indicating 
the handling of the first content data and a second key 
file storing an encrypted second content key data and 
an encrypted second usage control policy data indicat- 
ing the handling of the second content data, the first data 
providing apparatus provides a first module storing a 
first content file storing the first content data encrypted 
by using the first content key data and the first key file 
received from the management apparatus to the data 
distribution apparatus, the second data providing appa- 
ratus provides a second module storing a second con- 
tent file storing the second content data encrypted by 
using the second content key data and the second key 
file received from the management apparatus to the da- 
ta distribution apparatus, the data distribution apparatus 
distributes a third module storing the provided first con- 
tent file, the first key file, the second content file, and the 
second key file to the data processing apparatus, and 
the data processing apparatus decrypts the first content 
key data, the second content key data, the first usage 
control policy data, and the second usage control policy 
data stored in the distributed third module, determines 
the handling of the first content data based on the relat- 
ed decrypted first usage control policy data, and deter- 
mines the handling of the second content data based 
on the related decrypted second usage control policy 
data. 



[0214] Also, a data providing system of a 49th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
5 data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes a content file storing the content data encrypted by 
using the content key data and the key file received from 
the management apparatus to the data distribution ap- 
paratus, the data distribution apparatus individually dis- 
tributes the distributed content file and the key file to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or by record- 
ing the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0215] Also, a data providing system of a 50th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data processing apparatus and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and distributes 
the related produced key file to the data processing ap- 
paratus, the data providing apparatus distributes a con- 
tent file storing the content data encrypted by using the 
content key data to the data distribution apparatus, the 
data distribution apparatus distributes the provided con- 
tent file to the data processing apparatus by using a pre- 
determined communication protocol but in a format not 
depending upon the related communication protocol or 
by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key file and determines the handling of the con- 
tent data stored in the distributed content file based on 
the related decrypted usage control policy data. 
[0216] Also, a data providing system of a 51 st aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
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storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus provides a first mod- 
ule storing the content data encrypted by using the con- 
tent key data and the key file received from the manage- 
ment apparatus to the data distribution apparatus, the 
data distribution apparatus distributes a second module 
storing the provided content data and the key file to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or by record- 
ing the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
second module and determines the handling of the con- 
tent data stored in the distributed second module based 
on the related decrypted usage control policy data. 
[0217] Also, a data providing system of a 52nd aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus produces a key file 
storing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, the data providing apparatus individually distrib- 
utes the content data encrypted by using the content key 
data and the key file received from the management ap- 
paratus to the data distribution apparatus, the data dis- 
tribution apparatus individually distributes the distribut- 
ed content data and the key file to the data distribution 
apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or by recording the same on a 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the distributed key file and determines the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0218] Also, a data providing system of a 53rd aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data processing apparatus, and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, wherein the management 
apparatus produces a key file storing encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and distributes 
the related produced key file to the data processing ap- 
paratus, the data providing apparatus distributes the 
content data encrypted by using the content key data to 
the data distribution apparatus, the data distribution ap- 
paratus distributes the provided content data to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 



the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the distributed key file and 
determines the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 

[0219] Also, a data providing system of a 54th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data providing apparatus, the data providing apparatus 
individually distributes the content data encrypted by us- 
ing the content key data and the encrypted content key 
data and the encrypted usage control policy data re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes the distributed content data, the encrypted con- 
tent key data, and the encrypted usage control policy 
data to the data distribution apparatus by using a pre- 
determined communication protocol but in a format not 
depending upon the related communication protocol or 
recording the same on a storage medium, and the data 
processing apparatus decrypts the distributed content 
key data and the usage control policy data and deter- 
mines the handling of the distributed content data based 
on the related decrypted usage control policy data. 
[0220] Also, a data providing system of a 55th aspect 
of the present invention is a data providing system for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
wherein the management apparatus provides encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data to the 
data processing apparatus, the data providing appara- 
tus provides the content data encrypted by using the 
content key data to the data distribution apparatus, the 
data distribution apparatus distributes the distributed 
provided content data to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and the data processing apparatus decrypts the dis- 
tributed content key data and the usage control policy 
data and determines the handling of the distributed con- 
tent data based on the related decrypted usage control 
policy data. 
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[0221] Also, a data providing system of a 56th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the' data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data,, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file and the key file to the 
data distribution apparatus, the data distribution appa- 
ratus distributes the provided content file and the key 
file to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0222] Also, in the data providing system of the 56th 
aspect of the present invention, preferably the manage- 
ment apparatus produces a first module storing the con- 
tent file and the key file and provides the related first 
module to the data distribution apparatus, and the data 
distribution apparatus produces a second module stor- 
ing the content file and the key file stored in the first mod- 
ule and distributes the related second module to the da- 
ta processing apparatus. 

[0223] Also, in the data providing system of the 56th 
aspect of the present invention, preferably the manage- 
ment apparatus has at least one database among a da- 
tabase for storing and managing the content file, a da- 
tabase for storing and managing the key file, and a da- 
tabase for storing and managing the usage control pol- 
icy data and centrally manages at least one among the 
content file, the key file, and the usage control policy 
data by using a content identifier uniquely allocated to 
the content data. 

[0224] Also, a data providing system of a 57th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 
provides master source data of content to the manage- 
ment apparatus, the management apparatus manages 
the data providing apparatus, the data distribution ap- 
paratus, and the data processing apparatus, encrypts 
the provided master source data by using content key 
data to produce content data, produces a content file 
storing the related content data, produces a key file stor- 
ing the encrypted content key data and encrypted usage 



control policy data indicating the handling of the content 
data, and provides the content file to the data distribution 
apparatus and provides the key file to the data process- 
ing apparatus, the data distribution apparatus distrib- 

5 utes the provided content file to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and the data processing apparatus de- 

10 crypts the content key data and the usage control policy 
data stored in the provided key file and determines the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

*5 [0225] Also, a data providing system of a 58th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 

20 provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 

25 the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, and provides the content file provided from the da- 
ta providing apparatus and the produced key file to the 
data distribution apparatus, the data distribution appa- 

30 ratus distributes the provided content file and the key 
file to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 

35 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

40 [0226] Also, a data providing system of a 59th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data process- 
ing apparatus, wherein the data providing apparatus 

45 provides a content file storing encrypted content data 
using content key data to the management apparatus, 
the management apparatus manages the data provid- 
ing apparatus, the data distribution apparatus, and the 
data processing apparatus, produces a key file storing 

so the encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, provides the content file provided from the data 
providing apparatus to the data distribution apparatus, 
and provides the produced key file to the data process- 
es jng apparatus, the data distribution apparatus distrib- 
utes the provided content file to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
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communication protocol or by recording the same on a 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the provided key file and determines the 
handling of the content data stored in the distributed 5 
content file based on the related decrypted usage con- 
trol policy data. 

[0227] Also, a data providing system of a 60th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- w 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced *s 
content file and a key file provided from the manage- 
ment apparatus in the database device, the manage- 
ment apparatus produces a key file storing the encrypt- 
ed content key data and encrypted usage control policy 
data indicating the handling of the content data and pro- 20 
vides the related produced key file to the data providing 
apparatus, the data distribution apparatus distributes 
the content file and key file obtained from the database 
device to the data processing apparatus by using a pre- 
determined communication protocol but in a format not 25 
depending upon the related communication protocol or 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 30 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0228] Also, a data providing system of a 61st aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 35 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 40 
content file in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data providing ap- 45 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- so 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 55 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0229] Also, a data providing system of a 62nd aspect 



of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, a management apparatus, a database device, 
and a data processing apparatus, wherein the data pro- 
viding apparatus encrypts content data by using content 
key data, produces a content file storing the related en- 
crypted content data, and stores the related produced 
contentf ile in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data processing ap- 
paratus, the data distribution apparatus distributes the 
content file obtained from the database device to the da- 
ta processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0230] Also, a data providing system of a 63rd aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es produce key files storing the encrypted content key 
data and encrypted usage control policy data indicating 
the handling of the content data for the content data pro- 
vided by corresponding data providing apparatuses and 
provide the related produced key files to corresponding 
data providing apparatuses, the data distribution appa- 
ratus distributes the content files and key files obtained 
from the database device to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[0231] Also, a data providing system of a 64th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
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files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 
key files provided from the management apparatuses to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key files and determines the handling of the content data 
stored in the distributed content files based on the relat- 
ed decrypted usage control policy data. 
[0232] Also, a data providing system of a 65th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 
the same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key files and 
determines the handling of the content data stored in 
the distributed content files based on the related de- 
crypted usage control policy data. 
[0233] Also, a data providing system of a 66th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
files received from the related management apparatus- 
es in the database, the management apparatuses en- 
crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 



produce content files storing the related encrypted con- 
tent data, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 

s tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
the content files and key files obtained from the data- 

10 base device to the data processing apparatus by using 
a predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 

15 ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of thecon- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0234] Also, a data providing system of a 67th aspect 

20 of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 

25 master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 

30 paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 

35 indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files pro- 
vided from the management apparatuses to corre- 
sponding data distribution apparatus, the data distribu- 
te tion apparatus distributes the content files obtained from 
the database device and key files provided from the 
management apparatuses to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 

45 nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 

50 content files based on the related decrypted usage con- 
trol policy data. 

[0235] Also, a data providing system of a 68th aspect 
of the present invention is a data providing system hav- 
ing a plurality of data providing apparatuses, a data dis- 
55 tribution apparatus, a plurality of management appara- 
tuses, a database device, and a data processing appa- 
ratus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
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agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base ; the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 5 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 10 
tent data provided by corresponding data providing ap- 
paratuses, and send the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus by is 
using a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or by recording the same on a storage medium, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 20 
distributed key files and determines the handling of the 
content data stored in the provided content files based 
on the related decrypted usage control policy data. 
[0236] Also, a data providing system of a 69th aspect 
of the present invention is a data providing system hav- 25 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus provides a first module storing 
content data encrypted by using content key data, the 
encrypted content key data, and encrypted usage con- 30 
trol policy data indicating the handling of the content da- 
ta to the data distribution apparatus, performs charge 
processing in units of the content data based on log data 
received from the data processing apparatus, and per- 
forms a profit distribution processing for distributing the 35 
profit paid by interested parties of the data processing 
apparatus to interested parties of the related data pro- 
viding apparatus and interested parties of the data dis- 
tribution apparatus, the data distribution apparatus dis- 
tributes a second module storing the encrypted content 40 
data, content key data, and usage control policy data 
stored in the provided first module to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or by recording the same on a 45 
storage medium, and the data processing apparatus de- 
crypts the content key data and the usage control policy 
data stored in the distributed module, determines the 
handling of the content data based on the related de- 
crypted usage control policy data, produces the log data so 
for the handling of the related content data, and sends 
the related log data to the data providing apparatus. 
[0237] Also, a data providing system of a 70th aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 55 
paratus, and a management apparatus, wherein the da- 
ta providing apparatus provides content data, the data 
distribution apparatus distributes the content file provid- 



ed from the data providing apparatus or a content file in 
accordance with the content data provided by the data 
providing apparatus provided from the management ap- 
paratus to the data processing apparatus, and the data 
processing apparatus decrypts the usage control policy 
data stored in a key file received from the data distribu- 
tion apparatus or the management apparatus, deter- 
mines the handling of the content data stored in the con- 
tent file received from the data distribution apparatus or 
the management apparatus based on the related de- 
crypted usage control policy data, and further distributes 
the content file and key file received from the data dis- 
tribution apparatus or the management apparatus to the 
other data processing apparatus. 
[0238] Also, a data providing method of a 34th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus, comprising the 
steps of distributing a module storing the content data 
encrypted by using content key data, the encrypted con- 
tent key data, and encrypted usage control policy data 
indicating the handling of the content data from the data 
providing apparatus to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or recording the same on a storage medi- 
um, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 
stored in the distributed module and determining the 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0239] Also, a data providing method of a 35h aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the produced key file from the 
management apparatus to the data providing appara- 
tus, and distributing a module storing a content file stor- 
ing the content data encrypted by using the content key 
data and the key file distributed from the management 
apparatus from the data providing apparatus to the data 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module 
and determining the handling of the content data based 
on the related decrypted usage control policy data. 
[0240] Also, a data providing method of a 36th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
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data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing a contentfile containing the content 
data encrypted by using the content key data and a key 
file received from the management apparatus to the da- 
ta processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and in the data processing 
apparatus, decrypting the content key data and the us- 
age control policy data stored in the distributed module 
and determining the handling of the content data based 
on the related decrypted usage control policy data. 
[0241 ] Also, a data providing method of a 37th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 
from the management apparatus to the data providing 
apparatus, and individually distributing a content file 
storing the content data encrypted by using the content 
key data and the key file distributed from the manage- 
ment apparatus from the data providing apparatus to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or recording 
the same on a storage medium, and in the data process- 
ing apparatus, decrypting the content key data and the 
usage control policy data stored in the distributed key 
file and determining the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0242] Also, a data providing method of a 38th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus : preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, distributing the related produced key file 
from the management apparatus to the data processing 
apparatus, and distributing a content file storing the con- 
tent data encrypted by using the content key data from 
the data providing apparatus to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 



storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed key file and deter- 
mining the handling of the content data stored in the dis- 
5 tributed content file based on the related decrypted us- 
age control policy data. 

[0243] Also, a data providing method of a 39th aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 

10 tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 

'5 usage control policy data indicating the handling of the 
content data, in the data providing apparatus, distribut- 
ing a module storing the content data encrypted by using 
the content key data and the key file received from the 
management apparatus to the data processing appara- 

20 tus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or recording the same on a storage me- 
dium, and in the data processing apparatus, decrypting 
the content key data and the usage control policy data 

25 stored in the distributed module and determining the 
handling of the content data based on the related de- 
crypted usage control policy data. 
[0244] Also, a data providing method of a 40th aspect 
of the present invention is a data providing method for 

30 distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 

35 file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data, in the data providing apparatus, individu- 
ally distributing the content data encrypted by using the 
content key data and the key file received from the man- 
agement apparatus to the data processing apparatus by 
using a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or recording the same on a storage medium, 
and in the data processing apparatus, decrypting the 

45 content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0245] Also, a data providing method of a 41 st aspect 

so of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 

55 steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data and distributing the related produced key 
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file to the data processing apparatus, in the data provid- 
ing apparatus, distributing the content data encrypted 
by using the content key data to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 5 
communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed key file and deter- 
mining the handling of the distributed content data 10 
based on the related decrypted usage control policy da- 
ta. 

[0246] Also, a data providing method of a 42nd aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- is 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 20 
policy data indicating the handling of the content data, 
in the data providing apparatus, individually distributing 
the content data encrypted by using the content key data 
and the encrypted content key data and the encrypted 
usage control policy data received from the manage- 25 
ment apparatus to the data processing apparatus by us- 
ing a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or recording the same on a storage medium, 
and in the data processing apparatus, decrypting the 30 
distributed content key data and the usage control policy 
data and determining the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

[0247] Also, a data providing method of a 43rd aspect 35 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 40 
steps of, in the management apparatus, preparing en- 
crypted content key data and encrypted usage control 
policy data indicating the handling of the content data 
and distributing the same to the data processing appa- 
ratus, in the data providing apparatus : distributing the 45 
content data encrypted by using the content key data to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and in the data so 
processing apparatus, decrypting the distributed con- 
tent key data and the usage control policy data and de- 
termining the handling of the distributed content data 
based on the related decrypted usage control policy da- 
ta. 55 
[0248] Also, a data providing method of a 44th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 



tus, and a data processing apparatus, comprising the 
steps of providing a first module storing content data en- 
crypted by using content key data, encrypted the con- 
tent key data, and encrypted usage control policy data 
indicating the handling of the content data from the data 
providing apparatus to the data distribution apparatus, 
distributing a second module storing the encrypted con- 
tent data, content key data, and the usage control policy 
data stored in the provided the first module from the data 
distribution apparatus to the data processing apparatus 
by using the content key data to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data based on 
the related decrypted usage control policy data. 
[0249] Also, a data providing method of a 45th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, distributing the related pro- 
duced key file from the management apparatus to the 
data providing apparatus, providing a first module stor- 
ing a content file storing the content data encrypted by 
using the content key data and the key file received from 
the management apparatus from the data providing ap- 
paratus to the data distribution apparatus, and distribut- 
ing a second module storing the provided content file 
and the key file from the data distribution apparatus to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or re- 
cording the same on a storage medium, and in the data 
processing apparatus, decrypting the content key data 
and the usage control policy data stored in the distrib- 
uted second module and determining the handling of the 
content data stored in the distributed second module 
based on the related decrypted usage control policy da- 
ta. 

[0250] Also, a data providing method of a 46th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
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preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing a content file 
containing the content data encrypted by using the con- 
tent key data and a key file received from the manage- 
ment apparatus to the data distribution apparatus, in the 
data distribution apparatus, distributing a second mod- 
ule storing the provided content file to the data process- 
ing apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol or recording the same on a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data stored in 
the distributed second module based on the related de- 
crypted usage control policy data. 
[0251 ] Also, a data providing method of a 47th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, distributing the produced 
key file from the management apparatus to the data pro- 
viding apparatus, individually providing a content file 
storing the content data encrypted by using the content 
key dataand the key file received from the management 
apparatus from the data providing apparatus to the data 
distribution apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and individually distributing 
the distributed content file and the key file from the data 
distribution apparatus to the data distribution apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

[0252] Also, a data providing method of a 48th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus and managing the data 
providing apparatus and the data processing apparatus 
by a management apparatus, comprising the steps of, 
in the management apparatus, preparing a key file stor- 
ing encrypted content key data and encrypted usage 
control policy data indicating the handling of the content 
data, distributing the related produced key file from the 
management apparatus to the data processing appara- 



tus, providing a content file storing the content data en- 
crypted by using the content key data from the data pro- 
viding apparatus to the data distribution apparatus, dis- 
tributing the provided content file from the data distribu- 

s tion apparatus to the data processing apparatus by us- 
ing a predetermined communication protocol but in a 
format not depending upon the related communication 
protocol or recording, the same on a storage medium, 
and in the data processing apparatus, decrypting the 

10 content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the content data stored in the distributed 
content file based on the related decrypted usage con- 
trol policy data. 

is [0253] Also, a data providing method of a 49th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 

20 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 

25 and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, providing a first module storing the content data 
encrypted by using the content key data and the key file 
received from the management apparatus to the data 

30 distribution apparatus, in the data distribution appara- 
tus, distributing a second module storing the provided 
content data and the key file to the data processing ap- 
paratus by using a predetermined communication pro- 
tocol but in a format not depending upon the related 

35 communication protocol or recording the same on. a 
storage medium, and in the data processing apparatus, 
decrypting the content key data and the usage control 
policy data stored in the distributed second module and 
determining the handling of the content data stored in 

40 the distributed second module based on the related de- 
crypted usage control policy data. 
[0254] Also, a data providing method of a 50th aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 

45 to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 

50 comprising the steps of, in the management apparatus, 
preparing a key file storing encrypted content key data 
and encrypted usage control policy data indicating the 
handling of the content data, in the data providing ap- 
paratus, individually providing the content data encrypt- 

55 ed by using the content key data and the key file re- 
ceived from the management apparatus to the data dis- 
tribution apparatus, in the data distribution apparatus, 
individually distributing the distributed content data and 
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the key file to the data distribution apparatus by using a 
predetermined communication protocol but in a format 
not depending upon the related communication protocol 
or recording the same on a storage medium, and in the 
data processing apparatus, decrypting the content key 
data and the usage control policy data stored in the dis- 
tributed key file and determining the handling of the dis- 
tributed content data based on the related decrypted us- 
age control policy data. 

[0255] Also, a data providing method of a 51st aspect 
of the present invention is a data providing method for 
distributing content data from a data providing appara- 
tus to a data processing apparatus and managing the 
data providing apparatus and the data processing ap- 
paratus by a management apparatus, comprising the 
steps of, in the management apparatus, preparing a key 
file storing encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data and distributing the related produced key 
file to the data processing apparatus, in the data provid- 
ing apparatus, providing the content data encrypted by 
using the content key data to the data distribution appa- 
ratus, in the data distribution apparatus, distributing the 
provided content data to the data processing apparatus, 
and in the data processing apparatus, decrypting the 
content key data and the usage control policy data 
stored in the distributed key file and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0256] Also, a data providing method of a 52nd aspect 
of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
providing encrypted content key data and encrypted us- 
age control policy data indicating the handling of the 
content data to the data providing apparatus, in the data 
providing apparatus, individually distributing the content 
data encrypted by using the content key data and the 
encrypted content key data and the encrypted usage 
control policy data received from the management ap- 
paratus to the data distribution apparatus, in the data 
distribution apparatus, individually distributing the dis- 
tributed content data, the encrypted content key, data, 
and the encrypted usage control policy data to the data 
distribution apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or recording the 
same on a storage medium, and in the data processing 
apparatus, decrypting the distributed content key data 
and the usage control policy data and determining the 
handling of the distributed content data based on the 
related decrypted usage control policy data. 
[0257] Also, a data providing method of a 53rd aspect 



of the present invention is a data providing method for 
providing content data from a data providing apparatus 
to a data distribution apparatus, distributing the content 
data from the data distribution apparatus to a data 
5 processing apparatus, and managing the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus by a management apparatus, 
comprising the steps of, in the management apparatus, 
distributing encrypted content key data and encrypted 
10 usage control policy data indicating the handling of the 
content data to the data processing apparatus, in the 
data providing apparatus, providing the content data en- 
crypted by using the content key data to the data distri- 
bution apparatus, the data distribution apparatus distrib- 

15 uting the provided content data to the data processing 
apparatus by using a predetermined communication 
protocol but in a format not depending upon the related 
communication protocol by recording the same on a 
storage medium, and in the data processing apparatus, 

20 decrypting the distributed content key data and the us- 
age control policy data and determining the handling of 
the distributed content data based on the related de- 
crypted usage control policy data. 
[0258] Also, a data providing method of a 54th aspect 

25 of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides master source data of content to the management 

30 apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
provided master source data by using content key data 
to produce content data, produces a content file storing 

35 the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 
and provides the content file and the key file to the data 
distribution apparatus, the data distribution apparatus 

40 distributes the provided content file and the key file to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 

^5 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 

50 [0259] Also, a data providing method of a 55th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 

55 vides master source data of content to the management 
apparatus, the management apparatus manages the 
data providing apparatus, the data distribution appara- 
tus, and the data processing apparatus, encrypts the 
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provided master source data by using content key data 
to produce content data, produces a content file storing 
the related content data, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 5 
and provides the content file to the data distribution ap- 
paratus and provides the key file to the data processing 
apparatus, the data distribution apparatus distributes 
the provided content file to the data processing appara- 
tus by using a predetermined communication protocol 10 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the provided key file and determines the nan- '5 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0260] Also, a data providing method of a 56th aspect 
of the present invention is a data providing method using 20 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the 25 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 30 
and provides the content file provided from the data pro- 
viding apparatus and the produced key file to the data 
distribution apparatus, the data distribution apparatus 
distributes the provided content file and the key file to 
the data processing apparatus by using a predeter- 35 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 40 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0261] Also, a data providing method of a 57th aspect 
of the present invention is a data providing method using 45 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, and a data processing 
apparatus, wherein the data providing apparatus pro- 
vides a content file storing encrypted content data using 
content key data to the management apparatus, the so 
management apparatus manages the data providing 
apparatus, the data distribution apparatus, and the data 
processing apparatus, produces a key file storing the 
encrypted content key data and encrypted usage control 
policy data indicating the handling of the content data, 55 
provides the content file provided from the data provid- 
ing apparatus to the data distribution apparatus and pro- 
vides the produced key file to the data processing ap- 



paratus, the data distribution apparatus distributes the 
provided content file to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or by recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 
content key data and the usage control policy data 
stored in the provided key file and determines the han- 
dling of the content data stored in the distributed content 
file based on the related decrypted usage control policy 
data. 

[0262] Also, a data providing method of a 58th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 
tent file and a key file provided from the management 
apparatus in the database device, the management ap- 
paratus produces a key file storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data and provides 
the related produced key file to the data providing ap- 
paratus, the data distribution apparatus distributes the 
content file and key file obtained from the database de- 
vice to the data processing apparatus by using a prede- 
termined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0263] Also, a data providing method of a 59th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 
tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
related produced key file to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device and the 
key file provided from the data distribution apparatus to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
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key file and determines the handling of the content data 
stored in the distributed content file based on the related 
decrypted usage control policy data. 
[0264] Also, a data providing method of a 60th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
tus, a management apparatus, a database device, and 
a data processing apparatus, wherein the data providing 
apparatus encrypts content data by using content key 
data, produces a content file storing the related encrypt- 
ed content data, and stores the related produced con- 
tent file in the database device, the management appa- 
ratus produces a key file storing the encrypted content 
key data and encrypted usage control policy data indi- 
cating the handling of the content data and provides the 
related produced key file to the data processing appa- 
ratus, the data distribution apparatus distributes the 
content file obtained from the database device to the da- 
ta processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 
control policy data stored in the provided key file and 
determines the handling of the content data stored in 
the distributed content file based on the related decrypt- 
ed usage control policy data. 

[0265] Also, a data providing method of a 61 st aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files and key files 
provided from corresponding management apparatus- 
es in the database device, the management apparatus- 
es produce key files storing the encrypted content key 
data and encrypted usage control policy data indicating 
the handling of the content data for the content data pro- 
vided by corresponding data providing apparatuses and 
provide the related produced key files to corresponding 
data providing apparatuses, the data distribution appa- 
ratus distributes the content files and key files obtained 
from the database device to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[0266] Also, a data providing method of a 62nd aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 



bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
5 files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 
storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 

10 content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data distribution appa- 
ratus, the data distribution apparatus distributes the 
content files obtained from the database device and the 

'5 key files provided from the management apparatuses to 
the data processing apparatus by using a predeter- 
mined communication protocol but in a format not de- 
pending upon the related communication protocol or by 
recording the same on a storage medium, and the data 

20 processing apparatus decrypts the content key data and 
the usage control policy data stored in the distributed 
key files and determines the handling of the content data 
stored in the distributed content files based on the relat- 
ed decrypted usage control policy data. 

25 [0267] Also, a data providing method of a 63rd aspect 
of the present i nvention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 

30 tus, wherein the data providing apparatuses encrypt 
content data by using content key data, produce content 
files storing the related encrypted content data, and 
store the related produced content files in the database 
device, the management apparatuses produce key files 

35 storing the encrypted content key data and encrypted 
usage control policy data indicating the handling of the 
content data for the content data provided by corre- 
sponding data providing apparatuses and provide the 
related produced key files to the data processing appa- 

40 ratus, the data distribution apparatus distributes the 
content files obtained from the database device to the 
data processing apparatus by using a predetermined 
communication protocol but in a format not depending 
upon the related communication protocol or by record - 

45 mg the same on a storage medium, and the data 
processing apparatus decrypts the content key data and 
the usage control policy data stored in the provided key 
files and determines the handling of the content data 
stored in the distributed content files based on the relat- 

50 ed decrypted usage control policy data. 

[0268] Also, a data providing method of a 64th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 

55 es, a database device : and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files and key 
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files received from the related management apparatus- 
es in the database, the management apparatuses en- 
crypt the master sources received from corresponding 
data providing apparatuses by using content key data, 
produce content files storing the related encrypted con- 
tent data, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, and send the produced content files and the 
produced key files to corresponding data providing ap- 
paratuses, the data distribution apparatus distributes 
the content files and key files obtained from the data- 
base device to the data processing apparatus by using 
a predetermined communication protocol but in aformat 
not depending upon the related communication protocol 
or by recording the same on a storage medium, and the 
data processing apparatus decrypts the content key da- 
ta and the usage control policy data stored in the dis- 
tributed key files and determines the handling of the con- 
tent data stored in the distributed content files based on 
the related decrypted usage control policy data. 
[0269] Also, a data providing method of a 65th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 
es, a database device, and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 
from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 
related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 
paratuses, send the related produced key files to corre- 
sponding data distribution apparatus, the data distribu- 
tion apparatus distributes the content files obtained from 
the database device and the key files provided from the 
management apparatuses to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol or by recording the same on a storage 
medium, and the data processing apparatus decrypts 
the content key data and the usage control policy data 
stored in the distributed key files and determines the 
handling of the content data stored in the distributed 
content files based on the related decrypted usage con- 
trol policy data. 

[0270] Also, a data providing method of a 66th aspect 
of the present invention is a data providing method using 
a plurality of data providing apparatuses, a data distri- 
bution apparatus, a plurality of management apparatus- 



es, a database device : and a data processing appara- 
tus, wherein the data providing apparatuses provide 
master sources of content data to corresponding man- 
agement apparatuses and store content files received 

5 from the related management apparatuses in the data- 
base, the management apparatuses encrypt the master 
sources received from corresponding data providing ap- 
paratuses by using content key data, produce content 
files storing the related encrypted content data, send the 

10 related produced content files to the data providing ap- 
paratuses, produce key files storing the encrypted con- 
tent key data and encrypted usage control policy data 
indicating the handling of the content data for the con- 
tent data provided by corresponding data providing ap- 

*5 paratuses, and provide the related produced key files to 
the data processing apparatus, the data distribution ap- 
paratus distributes the content files obtained from the 
database device to the data processing apparatus by 
using a predetermined communication protocol but in a 

20 format not depending upon the related communication 
protocol or by recording the same on a storage medium, 
and the data processing apparatus decrypts the content 
key data and the usage control policy data stored in the 
provided key files and determines the handling of the 

25 content data stored in the distributed content files based 
on the related decrypted usage control policy data. 
[0271 ] Also, a data providing method of a 67th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 

30 tus, and a data processing apparatus, wherein the data 
providing apparatus provides a first module storing con- 
tent data encrypted by using content key data, the en- 
crypted content key data, and encrypted usage control 
policy data indicating the handling of the content data to 

35 the data distribution apparatus, performs charge 
processing in units of the content data based on log data 
received from the data processing apparatus, performs 
profit distribution processing for distributing the profit 
paid by interested parties of the data processing appa- 

40 ratus to interested parties of the related data providing 
apparatus and interested parties of the data distribution 
apparatus, the data distribution apparatus distributes a 
second module storing the encrypted content data, con- 
tent key data and usage control policy data stored in the 

45 provided first module to the data processing apparatus 
by using a predetermined communication protocol but 
in a format not depending upon the related communica- 
tion protocol or by recording the same on a storage me- 
dium, and the data processing apparatus decrypts the 

so content key data and the usage control policy data 
stored in the distributed module, determines the han- 
dling of the content data based on the related decrypted 
usage control policy data, produces the log data for the 
handling of the related content data and sends the re- 

55 lated log data to the data providing apparatus. 

[0272] Also, a data providing method of a 68th aspect 
of the present invention is a data providing method using 
a data providing apparatus, a data distribution appara- 
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tus, a data processing apparatus, and a management 
apparatus, wherein the data providing apparatus pro- 
vides content data, the data distribution apparatus dis- 
tributes the content file provided from the data providing 
apparatus or a content file in accordance with the con- 5 
tent data provided by the data providing apparatus re- 
ceived from the management apparatus to the data 
processing apparatus, and the data processing appara- 
tus decrypts the usage control policy data stored in the 
key file received from the data distribution apparatus or 10 
the management apparatus, determines the handling of 
the content data stored in the content file received from 
the data distribution apparatus or the management ap- 
paratus based on the related decrypted usage control 
policy data : and further distributes the content file and 15 
key file received from the data distribution apparatus or 
the management apparatus to the other data processing 
apparatus. 

[0273] Also, a data providing system of a 71 st aspect 
of the present invention is a data providing system for 20 
distributing content data from a data providing appara- 
tus to a data processing apparatus, wherein the data 
providing apparatus distributes a module storing con- 
tent data encrypted by using content key data, the en- 
crypted content key data, and encrypted usage control 25 
policy data indicating the handling of the content data in 
a format not depending upon at least one among exist- 
ence of a compression of the content data, a compres- 
sion method, a method of the encryption, and parame- 
ters of a signal giving the content data to the data 30 
processing apparatus by using a predetermined com- 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 
apparatus decrypts the content key data and the usage 35 
control policy data stored in the distributed module and 
determines the handling of the content data based on 
the related decrypted usage control policy data. 
[0274] Also, a data providing system of a 72nd aspect 
of the present invention is a data providing system hav- 40 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus distributes a first module stor- 
ing content data encrypted by using content key data, 
the encrypted content key data, and encrypted usage 45 
control policy data indicating the handling of the content 
data in a format not depending upon at least one among 
existence of compression of the content data, a com- 
pression method, a method of the encryption, and pa- 
rameters of a signal giving the content data to the data so 
distribution apparatus, the data distribution apparatus 
distributes a second module storing the encrypted con- 
tent data, content key data, and the usage control policy 
data stored in the provided first module to the data 
processing apparatus by using a predetermined com- 55 
munication protocol but in a format not depending upon 
the related communication protocol or by recording the 
same on a storage medium, and the data processing 



apparatus decrypts the content key data and the usage 
control policy data stored in the distributed second mod- 
ule and determines the handling of the content data 
based on the related decrypted usage control policy da- 
ta. 

[0275] Also, a data providing system of a 73rd aspect 
of the present invention is a data providing system hav- 
ing a data providing apparatus, a data distribution ap- 
paratus, and a data processing apparatus, wherein the 
data providing apparatus distributes a first module stor- 
ing content data encrypted by using content key data, 
the encrypted content key data, and encrypted usage 
control policy data indicating the handling of the content 
data to the data distribution apparatus, the data distri- 
bution apparatus encrypts a plurality of second modules 
storing the encrypted content data, content key data, 
and the usage control policy data stored in the provided 
first module by using a common key obtained by mutual 
certification with the data processing apparatus, and 
then distributes the same to the data processing appa- 
ratus by using a predetermined communication protocol 
but in a format not depending upon the related commu- 
nication protocol, and the data processing apparatus 
has a first processing circuit for decrypting the distribut- 
ed plurality of second modules by using the common 
key, selecting a single or a plurality of second modules 
from among the related decrypted plurality of second 
modules, and performing charge processing with re- 
spect to a distribution service of the second modules 
and a tamper resistant second processing circuit receiv- 
ing the selected the second modules, decrypting the 
content key data and the usage control policy data 
stored in the related second modules, and determining 
the handling of the content data based on the related 
decrypted usage control policy data. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0276] 

Fig. 1 is a view of the overall configuration of an 
EMD system of a first embodiment of the present 
invention, 

Fig. 2 is a view for explaining a concept of a secure 
container of the present invention, 
Fig. 3 is afunctional block diagram of a content pro- 
vider shown in Fig. 1 and a view of a flow of data 
related to data transmitted and received with a SAM 
of a user home network, 

Fig. 4 is a functional block diagram of the content 
provider shown in Fig. 1 and a view of the flow of 
data related to the data transmitted and received 
between the content provider and an EMD service 
center, 

Figs. 5A to 5C are views for explaining a format of 
the secure container transmitted from the content 
provider shown in Fig. 1 to the SAM, 
Fig. 6 is a view for explaining data contained in a 
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content file shown in Fig. 5 in detail, 
Fig. 7 is a view for explaining data contained in a 
key file shown in Fig. 5 in detail, 
Fig. 8 is a view for explaining a header data stored 
in the content file, 5 
Fig. 9 is a view for explaining a content ID, 
Fig. 10 is a view for explaining a directory structure 
of the secure container, 

Fig. 1 1 is a view for explaining a hyper link structure 
of the secure container, 10 
Fig. 12 is a view for explaining a first example of 
ROM type storage medium used in the present em- 
bodiment, 

Fig. 13 is a view for explaining a second example 

of the ROM type storage medium used in the 15 

present embodiment, 

Fig. 14 is a view for explaining a third example of 
the ROM type storage medium used in the present 
embodiment, 

Fig. 15 is a view for explaining a first example of 20 
RAM type storage medium used in the present em- 
bodiment, 

Fig. 16 is a view for explaining a second example 
of the RAM type storage medium used in the 
present embodiment, 25 
Fig. 17 is a view for explaining a third example of 
the RAM type storage medium used in the present 
embodiment, 

Fig. 1 8 is a view for explaining a registration request 
use module transmitted from the content provider 30 
to the EMD service center, 

Fig. 19 is a flowchart showing a routine of process- 
ing for registration from the content provider to the 
EMD service center, 

Fig. 20 is a flowchart showing a routine of process- 35 
ing for preparation of an explanation in the content 
provider, 

Fig. 21 is a flowchart showing a routine of process- 
ing for preparation of an explanation in the content 
provider, 40 
Fig. 22 is a flowchart showing a routine of process- 
ing for preparation of an explanation in the content 
provider, 

Fig. 23 is a functional block diagram of the EMD 
service center shown in Fig. 1 and a view of the fiow 45 
of the data related to the data transmitted and re- 
ceived with the content provider, 
Fig. 24 is a functional block diagram of the EMD 
service center shown in Fig. 1 and a view of the flow 
of the data related to the data transmitted and re- so 
ceived between the SAM and a settlement manager 
shown in Fig. 1 , 

Fig. 25 is a view of the configuration of network ap- 
paratuses in the user home network shown in Fig. 1 , 
Fig. 26 is a functional block diagram of a SAM in the 55 
user home network shown in Fig. 1 and a view of 
the flow of the data until the secure container re- 
ceived from the content provider is decrypted, 



Fig. 27 is a view for explaining data stored in an ex- 
ternal memory shown in Fig. 25, 
Fig. 28 is a view for explaining data stored in a stack 
memory, 

Fig. 29 is another view of the configuration of the 
network apparatus in the user home network shown 
in Fig. 1 , 

Fig. 30 is a view for explaining data stored in a stor- 
age unit shown in Fig. 26, 

Fig. 31 is a functional block diagram of the SAM in 
the user home network shown in Fig. 1 and a view 
of the flow of the data related to processing for using 
and/or purchasing the content data, 
Fig. 32 is a view for explaining the flow of processing 
in a transferring side SAM in a case where the con- 
tent file which is downloaded on a download mem- 
ory of the network apparatus shown in Fig. 25 and 
with a purchase form already determined therefor 
is transferred to the SAM of an AV apparatus, 
Fig. 33 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 32 : 
Figs. 34Ato 34D are views for explaining the format 
of the secure container for which the purchase form 
is determined, 

Fig. 35 is a view of the flow of the data when writing 
the input content file etc. in a RAM type or ROM type 
storage medium in the transferring side SAM in the 
case shown in Fig. 32, 

Fig. 36 is a view for explaining the flow of processing 
when determining the purchase form in an AV ap- 
paratus in a case where the user home network is 
receives the ROM type storage medium shown in 
Fig. 7 for which the purchase form of the content 
has not been determined off-line, 
Fig. 37 is a view of the flow of the data in the SAM 
in the case shown in Fig. 36, 
Fig. 38 is a view for explaining the flow of processing 
when reading the secure container from the ROM 
type storage medium with the purchase form not yet 
determined in the AV apparatus in the user home 
network, transferring this to another AV apparatus, 
and writing the same in a RAM type storage medi- 
um, 

Fig. 39 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 38 : 
Figs. 40Ato 40C are views for explaining the format 
of the secure container transferred from the trans- 
ferring side SAM to a transferred side SAM in Fig. 
38, 

Fig. 41 is a view of the flow of data in the transferred 
side SAM in the case shown in Fig. 38, 
Figs. 42A to 42F are views for explaining the format 
of the data transmitted and received among the 
content provider shown in Fig. 1 , EMD service cent- 
er, and SAM by an In-band method, and an out-of- 
band method, 

Figs. 43G to 43J are views for explaining the format 
of the data transmitted and received among the 
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content provider shown in Fig. 1, EMD service cent- 
er, and SAM by the in-band method and the out-of- 
band method, 

Fig. 44 is a view for explaining an example of a con- 
nection configuration of apparatuses to buses in the 5 
user home network, 

Fig. 45 is a view for explaining the data format of a 
SAM registration list produced by a SAM, 
Fig. 46 is a view for explaining the data format of 
the SAM registration list produced by the EMD serv- 10 
ice center, 

Fig. 47 is a flowchart of the overall operation of the 
content provider shown in Fig. 1 , 
Fig. 48 is a view for explaining an example of a de- 
livery protocol of the secure container used in the is 
EMD system of a first embodiment, 
Fig. 49 is a view for explaining a second modifica- 
tion of the first embodiment of the present invention, 
Fig. 50 is a view for explaining a third modification 
of the first embodiment of the present invention, 20 
Fig. 51 is a view for explaining a case where a first 
procedure is employed in a fourth modification of 
the first embodiment of the present invention, 
Fig. 52 is a view for explaining a case where a sec- 
ond procedure is employed in a fourth modification 25 
of the first embodiment of the present invention, 
Fig. 53 is a view for explaining a fifth modification 
of the first embodiment of the present invention, 
Fig. 54 is a view for explaining a first pattern of a 
sixth modification of the first embodiment of the 30 
present invention, 

Fig. 55 is a view for explaining a second pattern of 
a sixth modification of the first embodiment of the 
present invention, 

Fig. 56 is a view for explaining a third pattern of a 35 
sixth modification of the first embodiment of the 
present invention, 

Fig. 57 is a view for explaining a fourth pattern of a 
sixth modification of the first embodiment of the 
present invention, 40 
Fig. 58 is a view for explaining a fifth pattern of a 
sixth modification of the first embodiment of the 
present invention, 

Fig. 59 is an overall view of the configuration of the 
EMD system of a second embodiment of the 45 
present invention, 

Fig. 60 is a functional block diagram of the content 
provider shown in Fig. 59 and a view of the flow of 
the data related to the secure container transmitted 
to a service provider, so 
Fig. 61 is a flowchart showing a routine of process- 
ing for delivery of the secure container performed 
in the content provider, 

Fig. 62 is a flowchart showing a routine of the 
processing for delivery of the secure container per- 55 
formed in the content provider, 
Fig. 63 is a functional block diagram of the service 
provider shown in Fig. 59 and a view of the flow of 



the data transmitted and received with the user 
home network, 

Fig. 64 is a flowchart showing a routine of the 
processing for preparation of the secure container 
performed in the service provider, 
Figs. 65A to 65D are views for explaining the format 
of the secure container transmitted from the service 
provider shown in Fig. 59 to the user home network, 
Fig. 66 isaviewforexplainingatransmissionformat 
of the content file stored in the secure container 
shown in Fig. 65, 

Fig. 67 is a view for explaining the transmission for- 
mat of the key file stored in the secure container 
shown in Fig. 65, 

Fig. 68 is a functional block diagram of the service 
provider shown in Fig. 59 and a view of the flow of 
the data transmitted and received with the EMD 
service center, 

Fig. 69 is a view for explaining the format of a price 
tag registration request use module transmitted 
from the service provider to the EMD service center, 
Fig. 70 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the service provider, 
Fig. 71 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the content provider, 
Fig. 72 is a functional block diagram of the EMD 
service center shown in Fig. 59 and a view of the 
flow of the data related to the data transmitted and 
received with the SAM, 

Fig. 73 is a view for explaining contents of usage 
log data, 

Fig. 74 is a view of the configuration of the network 
apparatus shown in Fig. 59 : 
Fig. 75 is a functional block diagram of a CA module 
shown in Fig. 74, 

Fig. 76 is a functional block diagram of the SAM 
shown in Fig. 74 and a view of the flow of the data 
from the input of the secure container to decryption, 
Fig. 77 is a view for explaining the data stored in the 
storage unit shown in Fig. 76, 
Fig. 78 is a functional block diagram of the SAM 
shown in Fig. 74 and a view of the flow of the data 
in a case where a purchase and/or usage form of 
the content etc. are determined, 
Fig. 79 is a flowchart showing a routine of process- 
ing for determining the purchase form of the secure 
container in the SAM, 

Fig, 80 is a view for explaining the format of the key 
file after the purchase form is determined, 
Figs. 81 A to 81 E are views for explaining the flow 
of the processing in the transferred side SAM in a 
case where the content file downloaded on the 
download memory of the network apparatus shown 
in Fig. 74 and with the purchase form already de- 
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termined therefor is transferred to the SAM of the 
AV apparatus, 

Fig. 82 is a view of the flow of the data in the trans- 
ferring side SAM in the case shown in Fig. 81 , 
Fig. 83 is a view of the flow of the data in the trans- s 
ferred side SAM in the case shown in Fig. 81 , 
Fig. 84 is a flowchart of the overall operation of the 
EMD system shown in Fig. 59, 
Fig. 85 is a flowchart of the overall operation of the 
EMD system shown in Fig. 59, 10 
Fig. 86 is a view for explaining an example of the 
delivery format of the secure container from the 
service provider to the user home network in the 
EMD system of the second embodiment, 
Fig. 87 is a view for explaining an example of the is 
delivery protocol of the secure container employed 
by the EMD system of the second embodiment, 
Fig. 88 is a view for explaining the delivery protocol 
used when delivering the secure container etc. from 
the user home network to a service provider 31 0 in 20 
Fig. 87, 

Fig. 89 is a view for explaining the delivery protocol 
used when delivering the key file etc. from the con- 
tent provider to the EMD service center in Fig. 87, 
Fig. 90 is a view for explaining the delivery protocol 25 
used when delivering a price tag data 312 etc. from 
the service provider to the EMD service center in 
Fig. 87, 

Fig. 91 is a view for explaining the delivery protocol 
used when delivering the secure container etc. in 30 
the user home network in Fig. 87, 
Fig. 92 is a view for explaining an implement format 
of the secure container to a protocol layer in a case 
where XML/SMIL/BML is utilized for a data broad- 
cast method of a digital broadcast, 35 
Fig. 93 is a view for explaining the implement format 
of the secure container to the protocol layer in a 
case where MHEG is utilized for the data broadcast 
method of the digital broadcast, 

Fig. 94 is a view for explaining the implement format 40 
of the secure container to the protocol layer in a 
case where XML/SMIL is utilized for the data broad- 
cast method of an interface, 
Fig. 95 is a view for explaining the delivery protocol 
used when delivering the usage log data etc. from 45 
the user home network to the EMD service center, 
Fig. 96 is a view for explaining the delivery protocol 
used when delivering the secure container etc. in 
the user home network, 

Fig. 97 is a view of the configuration of the EMD so 
system using two service providers according to a 
first modification of the second embodiment of the 
present invention, 

Fig. 98 is a view of the configuration of the EMD 
system using a plurality of content providers ac- 55 
cording to a second modification of the second em- 
bodiment of the present invention, 
Fig. 99 is a view of the configuration of the EMD 



system according to a third modification of the sec- 
ond embodiment of the present invention, 
Fig. 100 is a view of the configuration of the EMD 
system according to a fourth modification of the sec- 
ond embodiment of the present invention, 
Fig. 101 is a view for explaining a form of a route 
for acquiring certificate data, 
Fig. 1 02 is a view for explaining processing in a case 
where the certificate data of the content provider is 
invalidated, 

Fig. 1 03 is a view for explaining processing in a case 
where the certificate data of the service provider is 
invalidated, 

Fig. 104 is a view for explaining processing in a case 
where the certificate data of the SAM is invalidated, 
Fig. 1 05 is a view for explaining another processing 
in the case where the certificate data of the SAM is 
invalidated, 

Fig. 1 06 is a view for explaining a case where a right 
management use clearinghouse and an electronic 
settlement use clearinghouse are provided in the 
EMD system shown in Fig. 47 in place of the EMD 
service center, 

Fig. 107 is a view of the configuration of the EMD 
system in a case where the right management use 
clearinghouse and the electronic settlement use 
clearinghouse shown in Fig. 106 are provided in a 
single EMD service center, 

Fig. 108 is a view of the configuration of the EMD 
system in a case where the service provider directly 
performs settlement at the electronic settlement 
use clearinghouse, 

Fig. 109 is a view of the configuration of the EMD 
system in a case where the content provider directly 
performs settlement at the electronic settlement 
use clearinghouse, 

Fig. 110 is a view of the configuration of the EMD 
system in a case where the content provider is fur- 
ther provided with functions of both of the right man- 
agement use clearinghouse and the electronic set- 
tlement use clearinghouse, 

Fig. 111 is a view for explaining the format of the 
secure container provided from the content provider 
to the service provider shown in Fig. 47 in an eighth 
modification of the second embodiment of the 
present invention, 

Fig. 112 is a view for explaining a link relationship 
by directory structure data between the content file 
and the key file shown in Fig. 111 . 
Fig. 113 is a view for explaining another example of 
the directory structure between the content file and 
the key file, 

Fig. 114 is a view for explaining the format of the 
secure container provided from the service provider 
to the SAM shown in Fig. 47 in the eighth modifica- 
tion of the second embodiment of the present inven- 
tion, 

Fig. 115 is a view for explaining a first concept of 
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the data format of a composite type secure contain- 
er, 

Fig. 116 is a view for explaining a second concept 
of the data format of the composite type secure con- 
tainer, 5 
Fig. 1 1 7 is a view for explain ing a case where a first 
procedure is employed in the EMD system accord- 
ing to the eighth modification of the second embod- 
iment of the present invention, 

Fig. 118 isaviewforexplainingacasewhereasec- 10 
ond procedure is employed in the EMD system ac- 
cording to the eighth modification of the second em- 
bodiment of the present invention, 
Fig. 119 is a view for explaining a data format in a 
case where the file format is not employed in the 15 
EMD system according to the eighth modification of 
the second embodiment of the present invention, 
Fig. 120 is a view of the configuration of the EMD 
system according to a 1 0th modification of the sec- 
ond embodiment of the present invention, 20 
Fig. 121 is a view of the configuration of the EMD 
system according to a first pattern of an 1 1th mod- 
ification of the second embodiment of the present 
invention, 

Fig. 122 is a view of the configuration of the EMD 25 
system according to a second pattern of the 11th 
modification of the second embodiment of the 
present invention, 

Fig. 123 is a view of the configuration of the EMD 
system according to a third pattern of the 1 1 th mod- 30 
ification of the second embodiment of the present 
invention, 

Fig. 124 is a view of the configuration of the EMD 
system according to a fourth pattern of the 11th 
modification of the second embodiment of the 35 
present invention, 

Fig. 125 is a view of the configuration of the EMD 
system according to a fifth pattern of the 11th mod- 
ification of the second embodiment of the present 
invention, 40 
Fig. 126 is a view of the configuration of the EMD 
system according to a ninth modification of the sec- 
ond embodiment of the present invention, 
Fig. 1 27 is a view for explaining a file inclusion size 
relationship of the secure container in the second 45 
embodiment of the present invention, 
Fig. 1 28 is a view for explaining the EMD system of 
a third embodiment of the present invention, 
Fig. 129 is a functional block diagram of the EMD 
service center shown in Fig. 128, so 
Fig. 130 is a view for explaining a modification of 
the EMD system of the third embodiment of the 
present invention, 

Fig. 1 31 is a view for explaining the EMD system of 
a fourth embodiment of the present invention, 55 
Fig. 132 is a view for explaining a modification of 
the EMD system of the fourth embodiment of the 
present invention, 



Fig. 1 33 is a view for explaining the EMD system of 
a fifth embodiment of the present invention, 
Fig. 134 is a view for explaining a modification of 
the EMD system of the fifth embodiment of the 
present invention, 

Fig. 135 is a view for explaining another modifica- 
tion of the EMD system of the fifth embodiment of 
the present invention, 

Fig. 1 36 is a view for explaining the EMD system of 
a sixth embodiment of the present invention, 
Fig. 137 is a view for explaining a modification of 
the EMD system of the sixth embodiment of the 
present invention, 

Fig. 138 is a view for explaining another modifica- 
tion of the EMD system of the sixth embodiment of 
the present invention, 

Fig. 1 39 is a view for explaining the EMD system of 
a seventh embodiment of the present invention, 
Fig. 140 is a view for explaining a modification of 
the EMD system of the seventh embodiment of the 
present invention, 

Fig. 141 is a view for explaining another modifica- 
tion of the EMD system of the seventh embodiment 
of the present invention, 

Fig. 1 42 is a view for explaining the EMD system of 
an eighth embodiment of the present invention, 
Fig. 143 is a view for explaining the EMD system of 
a ninth embodiment of the present invention, 
Fig. 144 is a view for explaining the format of the 
key file in a case where the key file is produced in 
the content provider, and 

Fig. 145 is a view of the configuration of a conven- 
tional EMD system. 

BEST MODE FOR WORKING THE INVENTION 

[0277] Below, an explanation will be given of an EMD 
(electronic music distribution) system according to the 
present embodiment. 

First embodiment 

[0278] Figure 1 is a view of the configuration of an 
EMD system 100 of the present embodiment. 
[0279] In the present embodiment, the content data 
distributed to the user means digital, data with the infor- 
mation per se having value and includes image data, 
audio data, programs (software), etc., but an explana- 
tion will be given below by taking as an example music 
data. 

[0280] As shown in Fig. 1 , the EMD system 100 has 
a content provider 101, an EMD service center (clear- 
inghouse, hereinafter, also described as an "ESC") 102, 
and a user home network 1 03. 

[0281] Here, the content provider 101, EMD service 
center 102, and SAMs 105 1 to 105 4 correspond to the 
data providing apparatus, management device, and the 
data processing apparatuses according to claim 1 , claim 
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6, claim 104, and claim 109. 

[0282] First, a brief explanation will be given of the 
EMD system 100. 

[0283] In the EMD system 100, the content provider 
1 01 sends the content key data Kc used when encrypt- 5 
ing the content data C of the content to be provided by 
itself, usage control policy (UCP, certificate of title) data 
106 indicating the content of rights such as usage per- 
mission conditions of the content data C, and electronic 
watermark information management data indicating the 
content and buried location of the electronic watermark 
information to the EMD service center 102 serving as 
the reputable authority manager. 
[0284] The EMD service center 102 registers (certi- 
fies or authorizes) the content key data Kc, usage con- 
trol policy data 106, and the electronic watermark infor- 
mation key data received from the content provider 101. 
[0285] Also, the EMD service center 1 02 produces a 
key file KF with the content key data Kc encrypted by 
the distribution use key data KD., to KD 6 of a corre- 
sponding period, the usage control policy data 106, and 
its own signature data stored therein and sends this to 
the content provider 1 01 . 

[0286] Here : the signature data is used for verifying 
existence of tampering with the key file KF, the legitima- 
cy of the author of the key file KF, and the fact that the 
key file KF was normally registered in the EMD service 
center 102. 

[0287] Also, the content provider 101 encrypts the 
content data C by the content key data Kc and distrib- 
utes a secure container (module of the present inven- 
tion) 104 storing the related produced content file CF, 
key file KF received from the EMD service center 102, 
its own signature data, etc. therein to the user home net- 
work 1 03 by using a network such as the Internet, digital 
broadcast, or package media such as storage media. 
[0288] Here, the signature data stored in the secure 
container 1 04 is used for verifying the existence of tam- 
pering with the corresponding data and the legitimacy 
of the author and transmitter of the related data. 
[0289] The user home network 1 03 has for example 
a network apparatus 1 60 1 and AV apparatuses 1 60 2 to 
160 4 . 

[0290] The network apparatus 160 1 includes a built- 
in SAM (secure application module) 105-,. 
[0291] The AV apparatuses 160 2 to 160 4 include built- 
in SAMs 1 05 A to 105 4 . The SAMs 1 05 1 to 1 05 4 are con- 
nected to each other via a bus 191 for example an IEEE 
(Institute of Electrical and Electronics Engineers) 1394 
serial interface bus. 

[0292] The SAMs 105 1 to 105 4 decrypt the secure 
container 104 received by the network apparatus 160., 
via the network or the like from the content provider 1 01 
on-line and/or the secure container 104 received at the 
AV apparatuses 160 2 to 160 4 from the content provider 
101 via storage media off-line by using the distribution 
use key data KD., to KD 3 of the corresponding period, 
then perform the verification of the signature data. 



[0293] The secure container 104 supplied to the 
SAMs 1 05^ to 1 05 4 becomes the object of the reproduc- 
tion, recording to a storage medium etc. after the pur- 
chase and/or usage form is determined by an operation 
of the users in the network apparatus 160 1 and the AV 
apparatuses 1 60 2 to 1 60 4 . 

[0294] The SAMs 1 05! to 1 05 4 record the log of the 
purchase and/or usage form of the secure container 104 
as usage log data 108 and, at the same time, produce 
usage control status data 166 indicating the purchase 
form. 

[0295] The usage log data 1 08 is transmitted from the 
user home network 103 to the EMD service center 102 
in response to for example a request from the EMD serv- 
ice center 102. 

[0296] The usage control status data 1 66 is transmit- 
ted from the user home network 1 03 to the EMD service 
center 1 02 whenever for example the purchase form is 
determined. 

[0297] The EMD service center 102 determines (cal- 
culates) a charge content based on the usage log data 
108 and performs settlement at a settlement manager 
91 such as a bank via a payment gateway 90. By this, 
the money paid to the settlement manager 91 by the us- 
er of the user home network 103 is paid to the content 
provider 101 by the settlement processing by the EMD 
service center 102. 

[0298] Also, the EMD service center 1 02 transmits the 
settlement report data 1 07 to the content provider 1 01 
at every predetermined period. 

[0299] In the present embodiment, the EMD service 
center 1 02 has a certificate authority function, a key data 
management function, and a right clearing (profit distri- 
bution) function. 

[0300] Namely, the EMD service center 1 02 functions 
as a second certificate authority with respect to a route 
certificate authority 92 as the highest authority manager 
located at a neutral position (located in the lower layer 
of the route certificate authority 92) and certifies the le- 
gitimacy of the related public key data by attaching a 
signature by secret key data of the EMD service center 
1 02 to the certificate data of the public key data used 
for the verification processing of the signature data in 
the content provider 101 and SAMs 105., to 105 4 . Also, 
as mentioned above, the registration and authorization 
of the usage control policy data 1 06 of the content pro- 
vider 101 by the EMD service center 102 is one of the 
certificate authority functions of the EMD service center 
102. 

[0301] Also, the EMD service center 102 has a key 
data management function for managing the key data, 
for example, the distribution use key data KD., to KD 6 . 
[0302] Also, the EMD service center 102 has a right 
clearing (profit distribution) function of performing set- 
tlement for a purchase and/or usage of the content by 
the user based on the suggested retailer" price SRP de- 
scribed in the authorized usage control policy data 106 
and the usage log data 108 input from the SAMs 105 1 
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to 105 4 and distributing money paid by the user to the 
content provider 101. 

[0303] Figure 2 is a view summarizing the concept of 
the secure container 104. 

[0304] As shown in Fig. 2, inthesecurecontainer104 f 
the content file CF produced by the content provider 1 01 
and the key file KF produced by the EMD service center 
102 are stored. 

[0305] In the content file CF, header data containing 
the header portion and the content ID, the encrypted 
content data C using the content key data Kc, and the 
signature data using a secret key data K CPS of the con- 
tent provider 101 for them are stored. 
[0306] In the key file KF the header data containing 
the header portion and the content ID, the content key 
data Kc, and the usage control policy data 106 encrypt- 
ed by the distribution use key data KD 1 to KD 6 and the 
signature data by secret key data K ESC s of the EMD 
service center 102 for them are stored. 
[0307] Below, a detailed explanation will be given of 
the components of the content provider 101 . 

[Content Provider 101] 

[0308] Figure 3 is a functional block diagram of the 
content provider 101 and shows the flow of the data re- 
lated to the data transmitted and received with the SAMs 
1 05 1 to 1 05 4 of the user home network 1 03. 
[0309] Also, in Fig. 4, the flow of the data related to 
the data transmitted and received between the content 
provider 1 01 and the EMD service center 1 02 is shown. 
[0310] Note that, in Fig. 4 and the following drawings, 
the flow of the data input and output to and from the 
signature data processing unit and the encryption and/ 
or decryption unit using session key data K SES is omit- 
ted. 

[0311] As shown in Fig. 3 and Fig. 4, the content pro- 
vider 101 has a content master source database 111, 
an electronic watermark information addition unit 112, a 
compression unit 113, an encryption unit 114, a random 
number generation unit 115, an expansion unit 116, a 
signature processing unit 11 7, a secure container prep- 
aration unit 118, a secure container database 118a, a 
key file database 118b, a storage unit (database) 119, 
a mutual certification unit 120 : an encryption and/or de- 
cryption unit 121, a usage control policy data prepara- 
tion unit 122, an audial check unit 123, a SAM manage- 
ment unit 1 24, an EMD service center management unit 
125, and a content ID generation unit 850. 
[0312] The content provider 101 registers for example 
its own generated public key data, ID, and its own bank 
account number (account number for settlement) in the 
EMD service center 102 off-line before communicating 
with the EMD service center 102 and acquires its own 
identifier (identification number) CPJD. Also, the con- 
tent provider 101 receives the public key data of the 
EMD service center 1 02 and the public key data of the 
route certificate authority 92 from the EMD service cent- 



er 102. 

[0313] Below, an explanation will be given of the func- 
tional blocks of the content provider 101 shown in Fig. 
3 and Fig. 4. 

5 [0314] The content master source database 111 
stores the content data as the master source of the con- 
tent to be provided to the user home network 103 and 
outputs content data S111 to be provided to the elec- 
tronic watermark information addition unit 112. 
10 [0315] The electronic watermark information addition 
unit 112 buries a source watermark Ws, a copy control 
watermark Wc, a user watermark Wu, a link watermark 
WL, etc. in the content data S111 to produce content 
data S1 1 2 and outputs the content data S1 1 2 to the corn- 
's pression unit 113. 

[0316] The source watermark Ws is information con- 
cerning the copyright such as the name of the copyright 
owner of the content data, the ISRC code, authoring 
date, authoring apparatus ID (identification data), and 
destination of distribution of the content. 
[0317] The copy control watermark Wc is information 
containing a copy prohibition bit for prevention of copy- 
ing via an analog interface. 

[0318] The user watermark Wu contains, for example, 
the identifier CPJD of the content provider 101 for spec- 
ifying the origin of distribution and the destination of dis- 
tribution of the secure container 104 and identifiers 
SAM_ID 1 to SAM_ID 4 of the SAMs 105 1 to 105 4 of the 
user home network 103. 

[0319] The link watermark WL contains for example 
the content ID of the content data C. 
[0320] By burying the link watermark WL in the con- 
tent data C, even in a case where the content data C is 
distributed by an analog broadcast for example a tele- 
vision or AM/FM radio, the EMD service center 1 02 can 
introduce a content provider 101 handling the related 
content data C to the user in response to a request from 
the user. Namely, by detecting the link watermark WL 
buried in the content data C utilizing an electronic wa- 
termark information decoder at the receiving location of 
the related content data C and transmitting the content 
ID contained in the related detected link watermark WL 
to the EMD service center 1 02, the EMD service center 
102 can introduce the content provider 101 etc. handling 
the related content data C to the related user. 
[0321] Concretely, for example, if the user pushes a 
predetermined button at a point of time when he thinks 
that the music being broadcast is good while listening 
to the radio in a car, the electronic watermark informa- 
tion decoder built-in the related radio detects the content 
ID contained in the link watermark WL buried in the re- 
lated content data C, a communication address, etc. of 
the EMD service center 1 02 registering the related con- 
tent data C etc., and stores the related detected data in 
a media SAM carried in for example a memory stick or 
other semiconductor memory or an MD (Mini Disc) or 
other optical disc or other portable medium. Then, he 
sets the related movable media in the network appara- 
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tus carrying a SAM connected to the network. Then, af- 
ter mutual certification by the related SAM and the EMD 
service center 1 02.. he transmits the personal informa- 
tion carried in the media SAM and the stored content ID 
etc. from the network apparatus to the EMD service 
center 102. Thereafter, the network apparatus receives 
an introduction list etc. of the content provider 101 etc. 
handling the related content data C from the EMD serv- 
ice center 102. 

[0322] In addition, for example, when the EMD serv- 
ice center 1 02 receives the content ID etc. from the user, 
the information specifying the related user may be noti- 
fied to the content provider 101 providing the content 
data C corresponding to the related content ID. In this 
case, the content provider 101 receiving the related 
communication transmits the related content data C to 
the network apparatus of the user if the related user is 
a contracting subscriber or may transmit promotional in- 
formation concerning itself to the network apparatus of 
the user if the related user is not a contracting subscrib- 
er. 

[0323] Note that, in the second embodiment men- 
tioned later, an EMD service center 302 can introduce 
a service provider 310 handling the related content data 
C to the user based on the link watermark WL. 
[0324] Also, in the present embodiment, preferably, 
the content and buried location of each electronic wa- 
termark information are defined as a watermark module 
WM, and the watermark module WM is registered and 
managed in the EMD service center 102. The water- 
mark module WM is used when for example the network 
apparatus 1 60 1 and the AV apparatuses 1 60 2 to 1 60 4 in 
the user home network 103 verify the legitimacy of the 
electronic watermark information. 
[0325] For example, in the user home network 103, 
by deciding that the electronic watermark information is 
legitimate where both of the buried location of the elec- 
tronic watermark information and the content of the bur- 
ied electronic watermark information match based on 
the user watermark module managed by the EMD serv- 
ice center 1 02, the burial of a false electronic watermark 
information can be detected with a high probability. 
[0326] The compression unit 113 compresses the 
content data S1 1 2 by an acoustic compression method, 
for example ATRAC3 (Adaptive Transform Acoustic 
Coding 3) (trademark), and outputs compressed con- 
tent data S113 to the encryption unit 114. 
[0327] In this case, at the time of compression by the 
compression unit 113, it is also possible to bury the elec- 
tronic watermark information in the content data again. 
Concretely, as shown in Fig. 3, when the content data 
113 is expanded at the expansion unit 116 to produce 
content data S116 and the content data S116 is repro- 
duced at the audial check unit 1 23, the influence exerted 
upon the quality of sound by the burial of the electronic 
watermark information is decided by for example a per- 
son actually listening to it. Where it does not satisfy a 
predetermined standard, the electronic watermark infor- 



mation addition unit 112 is instructed to perform the 
processing for burying the electronic watermark infor- 
mation again. 

[0328] By this, when employing an acoustic compres- 
5 sion method accompanied by for example loss of data, 
it is possible to adequately cope with the case where the 
buried electronic watermark information is lost due to 
the related compression. Further, it is also possible to 
expand the compressed content data again and confirm 
w whether or not the buried electronic watermark informa- 
tion can be correctly detected. In this case, the feeling 
of the sound quality is also verified. Where there is a 
problem in the sound, the burial of the electronic water- 
mark information is adjusted. For example, where the 
*s electronic watermark information is buried by using a 
masking effect, the layer for burying the electronic wa- 
termark information is adjusted. 

[0329] The encryption unit 114 uses the content key 
data Kc as the common key, encrypts the content data 
20 S1 1 3 by a common key encryption method such as DES 
(Data Encryption Standard) or Triple DES to produce the 
content data C, and outputs this to the secure container 
preparation unit 118. 

[0330] Also, the encryption unit 114 encrypts an AA/ 

25 expansion use software Soft, a meta data Meta, and the 
watermark module WM by using the content key data 
Kc as the common key and then outputs them to the 
secure container preparation unit 117. 
[0331] DES is the encryption method for processing 

30 64 bits of plain text as one block by using a common key 
of 56 bits. The processing of DES is comprised of a por- 
tion for scrambling the plain text to convert the same to 
encrypted text (data scrambling portion) and a portion 
for creating the key (magnification key) data used in the 

35 data scrambling portion from the common key data (key 
processing portion). All algorithms of the DES are pub- 
lic, therefore, here, the basic processing of the data 
scrambling portion will be simply explained. 
[0332] First, 64 bits of the plain text are divided to H 0 

40 of the upper significant 32 bits and Lq of lower significant 
32 bits. By receiving as input the magnification key data 
K 1 of 48 bits supplied from the key processing unit and 
the Lq of the lower significant 32 bits, the output of an F 
function scrambled Lq of the lower significant 32 bits is 

45 calculated. The F function is comprised of two types of 
basic transforms of "substitution" of switching numerical 
values by a predetermined rule and "transposition" of 
switching bit locations by a predetermined rule. Next, an 
exclusive OR of the H 0 of the upper significant 32 bits 

50 and the output of the F function is calculated, and the 
result thereof is defined as L 1 . Also, Lq is made H 1 . 
[0333] Then, based on the H 0 of the upper significant 
32 bits and the Lq of the lower significant 32 bits, the 
above processing is repeated 16 times. The obtained 

55 h 16 of the upper significant 32 bits and L 16 of the lower 
significant 32 bits are output as the encrypted text. The 
decryption is realized by inversely following the se- 
quence by using the common key data used for the en- 
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cryption. 

[0334] The random number generation unit 115 gen- 
erates a random number of a predetermined number of 
bits and stores the related random number as the con- 
tent key data Kc in the storage unit 119. 
[0335] Note that, it is also possible if the content key 
data Kc is produced from the information concerning a 
song provided by the content data. The content key data 
Kc is updated for example every predetermined time. 
[0336] Also, where a plurality of content providers 1 01 
exist, it is also possible to use inherent content key data 
Kcfrom individual content providers 1 01 or it is also pos- 
sible to use the content key data Kc common to all con- 
tent providers 1 01 . 

[0337] In the key file database 1 1 8b, as shown in Fig. 
4, the key file KF shown in Fig. 5B received from the 
EMD service center 102 via the EMD service center 
management unit 125 is stored. The key file KF exists 
for every content data C. As will be mentioned later, a 
link is designated with the corresponding content file CF 
by directory structure data DSD in the header of the con- 
tent file CF. 

[0338] In the key file KF, as shown in Fig. 5B and Fig. 
7, the header, content key data Kc, usage control policy 
data 106 (usage permission condition) 106, SAM pro- 
gram download containers SDCj to SDC 3 , and signa- 
ture data SIG K1 ESC are stored. 

[0339] Here : as the signature data using the secret 
key data K ESC s of the content provider 1 01 , use can be 
also made of the signature data K 1 ESC for ai I data stored 
in the key file KF as shown in Fig. 5B. Alternatively, sig- 
nature data for the data from the header to the informa- 
tion concerning the key file, signature data for the con- 
tent key data Kc and the usage control policy data 1 06, 
and signature data for the SAM program download con- 
tainer SDC can be separately provided too as shown in 
Fig. 7. 

[0340] The content key data Kc and usage control pol- 
icy data 1 06 and the SAM program download containers 
SDC, to SDC 3 are encrypted by using the distribution 
use key data KD 1 to KD 6 of the corresponding periods. 
[0341] In the header data, as shown in Fig. 7, a syn- 
chronization signal, the content ID, the signature data 
by the secret key data K ESC s of the content provider 
101 forthecontent ID, thedirectory structure data, hyper 
link data, the information concerning the key file KF, the 
signature data by the secret key data K ESC s of the con- 
tent provider 101 for the directory structure data, etc. 
are contained. 

[0342] Note that, as the information to be contained 
in the header data, various information can be consid- 
ered and freely varied according to the situation. For ex- 
ample, it is also possible if the information as shown in 
Fig. 8 is contained in the header data. 
[0343] Also, in the content ID, for example : the infor- 
mation as shown in Fig. 9 is contained. The content ID 
is produced in the EMD service center 1 02 orthecontent 
provider 1 01 . Where it is produced in the EMD service 



center 102, the signature data by the secret key data 
k esc,s of tne EMD service center 102 is added as 
shown in Fig. 9, while where it is produced at the content 
provider 101 , the secret key data Kc PS of the content 

5 provider 1 01 is added. 

[0344] The content ID is produced by for example the 
content ID generation unit 850 as shown in Fig. 4 and 
stored in the storage unit 119. Note that, it is also pos- 
sible if the content ID is produced by the EMD service 

10 center 102. 

[0345] The directory structure data indicates corre- 
spondence among the content files CF in the secure 
container 1 04 and correspondence between the content 
files CF and the key files KF 

'5 [0346] For example, where the content files CF^ to 
CF 3 and the key files KF., to KF 3 corresponding to them 
are stored in the secure container 1 04, as shown in Fig. 
1 0, the links among the content files CF 1 to CF 3 and the 
links between the content files CF-, to CF 3 and the key 

20 files KF 1 to KF 3 are established by the directory struc- 
ture data. 

[0347] The hyper link data indicates a hierarchy struc- 
ture among the key files KF and the correspondence be- 
tween the content files CF and the key files KF covering 

25 all files inside and outside the secure container 1 04. 
[0348] Concretely, as shown in Fig. 11, the address 
information of the linked site for every content file CF 
and key file KF and the certificate value (hash value) 
thereof are stored in the secure container 1 04. The links 

30 are verified by comparing the hash value of one's own 
address information obtained by using the hash function 
H(x) and the certificate value of the other party. 
[0349] Also, in the usage control policy data 1 06, as 
shown in Fig. 7, the content ID, identifier CP_ID of the 

35 content provider 101, an expiration date of the usage 
control policy data 106, the communication address of 
the EMD service center 1 02, usage space examination 
information, wholesale price information, a handling 
plan, handling control information, handling control in- 

40 formation of a commodity demo, the signature data for 
them, etc. are contained. 

[0350] Note that, as in the second embodiment men- 
tioned later, where a secure container 304 is transmitted 
via the service provider 31 0 to a user home network 303, 
45 in the usage control policy data 1 06, an identifier SP_ID 
of the service provider 31 0 for providing the secure con- 
tainer 104 by the content provider 301 is contained. 
[0351] Also, in the SAM program download contain- 
ers SDC-j to SDC 3 , as shown in Fig. 7, a download driver 
50 indicating the routine of the download used when down- 
loading a program in the SAMs 105 t to 105 4 , a label 
reader such as an UCP-L (Label) R (Reader) indicating 
a syntax (grammar) of the usage control policy data 
(UCP) U106, lock key data for locking/unlocking rewrit- 
es ing and erasing of the storage units (flash-ROM) built in 
the SAMs 1 05 t to 1 05 4 in block units, and the signature 
data for them are contained. 

[0352] Note that, the storage unit 119 is provided with 
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various databases including for example a database for 
storing the certificate data. 

[0353] The signature processing unit 117 obtains the 
hash value of the data covered by the signature and pro- 
duces the signature data SIG thereof by using the secret 5 
key data Kcps of the content provider 101. 
[0354] Note that, the hash value is produced by using 
a hash function. A hash function is a function receiving 
as input the data covered, compressing the related input 
data to data having a predetermined bit length, and out- 
putting the same as the hash value. The hash function 
has as its characteristic feature that it is difficult to pre- 
dict the input of the hash function from the hash value 
(output). When one bit input to the hash function varies, 
many bits of the hash value vary, so it is difficult to find 
the input data having an identical hash value. 
[0355] The secure container preparation unit 118 pro- 
duces the content file CF storing the header data, meta 
data Meta, the content data C, A/V expansion use soft- 
ware Soft, and the watermark module WM input from 
the encryption unit 1 1 4 and encrypted by the content key 
data Kc therein as shown in Fig. 5A. 
[0356] It is also possible to contain the file reader and 
the signature data of the file reader in the secret key 
data K CPS as shown in Fig. 6. By doing this, in the SAMs 
1 05 1 to 1 05 4 , a plurality of secure containers 1 04 storing 
the content files CF of different formats received from a 
plurality of secure containers 104 of different streams 
can be efficiently processed. 

[0357] Here, the file reader is used when reading a 
content file CF and the key file KF corresponding to that 
and indicates the reading routine etc. of these files. 
[0358] Note, in the present embodiment, a case 
where the related file reader is transmitted in advance 
from the EMD service center 102 to the SAMs 105 1 to 
105 4 is exemplified. Namely, in the present embodi- 
ment, the content file CF of the secure container 104 
does not store the file reader. 

[0359] In the header data, as shown in Fig. 6, the syn- 
chronization signal, content ID, signature data by the se- 
cret key data Kcpg of the content provider 101 for the 
content ID, directory information, hyperlink information, 
serial number, expiration date and producer information 
of the content file CF, file size, existence of encryption, 
encryption algorithm, information concerning the signa- 
ture algorithm, signature data by the secret key data 
Kqps of the content provider 101 concerning the direc- 
tory information, etc. are contained. 
[0360] In the meta data Meta, as shown in Fig. 6, ex- 
planatory text of the commodity (content data C), com- 
modity demo and PR information, information related to 
the commodity, and the signature data from the content 
provider 101 for them are contained. 
[0361] In the present invention, as shown in Fig. 5 and 
Fig. 6, the case where the meta data Meta is stored in 
the content file CF and transmitted is exemplified, but it 
is also possible not to store the meta data Meta in the 
content file CF, but transmit the same from the content 



provider 101 to the SAM 105 1 etc. through a route dif- 
ferent from the route for transmitting the content file CF. 
[0362] The A/V expansion use software Soft is the 
software used when expanding the content file CF in the 
network apparatus 1 60 1 and the AV apparatuses 1 60 2 
to 1 60 4 of the user home network 1 03 and is the expan- 
sion use software of for example the ATRAC3 method. 
[0363] In this way, by storing the AA/ expansion use 
software Soft in the secure container 104, the content 
data C can be expanded by using the AA/ expansion 
use software Soft stored in the secure container 104 in 
the SAMs 105 1 to 105 4 . Even if the compression and 
expansion method of the content data C is freely set by 
the content provider 1 01 for every content data C or eve- 
ry content provider 1 01 , a large load will not be imposed 
on the user. 

[0364] The watermark module WM contains for exam- 
ple the information required for detecting the electronic 
watermark information buried in the content data C and 
software as mentioned before. 

[0365] Also, the secure container preparation unit 118 
produces the secure container 104 storing the content 
file CF shown Fig. 5A mentioned above, signature data 
SIG 6 ,cp °* tne re|ated content file CF, the key file KF 
shown in Fig. 5B corresponding to the related content 
file CF read out from the key file database 11 8b, signa- 
ture data SIG 7 CP of the related key file KF, certificate 
data CER CP of the content provider 101 read out from 
the storage unit 1 1 9, and signature data SIG., ESC of the 
related certificate data CERcp therein. 
[0366] Here, the signature data SIG 6 CP is used for 
verifying the legitimacy of the producer and transmitter 
of the content file CF at the received site of the secure 
container 1 04. 

[0367] Here, the signature data SIG 7 CP is used for 
verifying the legitimacy of the transmitter of the key file 
KF at the received site of the secure container 1 04. Note 
that, at the received site of the secure container 104, the 
legitimacy of the producer of the key file KF is verified 
based on the signature data SIG K1 ESC in the key file KF 
Also, the signature data SIG K1 ESC is used also for ver- 
ifying whether or not the key file KF is registered in the 
EMD service center 102. 

[0368] In the present embodiment, the encrypted con- 
tent data C is stored in the secure container 104 in a 
form not depending upon the compression method of 
the content data C, existence of compression, encryp- 
tion method (including both the cases of the common 
key encryption method and public key encryption meth- 
od), parameters of the signals giving the content data C 
(sampling frequency etc.), and the preparation method 
(algorithm) of the signature data. Namely, these items 
can be freely determined by the content provider 101 . 
[0369] Also, the secure container preparation unit 118 
outputs the secure container 104 stored in the secure 
container database 118a to the SAM management unit 
124 in response to a request from the user. 
[0370] In this way, in the present embodiment, an in- 
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band method of storing the certificate CER CP of the pub- 
lic key data K CP P of the content provider 1 01 in the se- 
cure container 1 04 and transmitting the same to the user 
home network 103 is employed. Accordingly, the user 
home network 1 03 does not have to communicate with 
the EMD service center 1 02 for obtaining the certificate 
CER CP . 

[0371] Note that, in the present invention, it is also 
possible to employ an out-of-band method of obtaining 
the certificate CER CP from the EMD service center 1 02 
by the user home network 103 without storing the cer- 
tificate CER CP in the secure container 104, 
[0372] The mutual certification unit 1 20 performs mu- 
tual certification between the EMD service center 1 02 
and the user home network 1 03 to produce the session 
key data (common key) K SES when the content provider 
101 transmits or receives data on-line with the EMD 
service center 1 02 and the user home network 1 03, The 
session key data K SES is newly produced at each mutual 
certification. 

[0373] The encryption and/or decryption unit 121 en- 
crypts the data to be transmitted on-line to the EMD 
service center 102 and the user home network 103 by 
the content provider 101 by using the session key data 
k ses- 

[0374] Also, the encryption and/or decryption unit 1 21 
decrypts the data received on-line from the EMD service 
center 1 02 and the user home network 1 03 by the con- 
tent provider 101 by using the session key data K SES . 
[0375] The usage control policy data preparation unit 
1 22 produces the usage control policy data 1 06 and out- 
puts this to the EMD service center management unit 
125. 

[0376] The usage control policy data 1 06 is a descrip- 
tor defining operating rules of the content data C and for 
example describes the suggested retailer's price SRP 
intended by an operator of the content provider 101, 
copy rule of the content data C, etc. 
[0377] The SAM management unit 124 supplies the 
secure container 1 04 off-line or on-line to the user home 
network 103. 

[0378] Also, when distributing the secure container 
104 to the SAMs 105 1 to 105 4 on-line, the SAM man- 
agement unit 124 uses, as the communication protocol 
for transmitting the secure container 104, an MHEG 
(Multimedia and Hypermedia Information Coding Ex- 
perts Group) protocol if a digital broadcast or uses an 
XML/SMIL/HTML (Hyper TextMarkup Language) if the 
Internet and buries the secure containers 104 in these 
communication protocols in a form not depending upon 
the coding method by tunneling. 

[0379] Accordingly, it is not necessary to match for- 
mats between the communication protocol and the se- 
cure container 1 04, so the format of the secure container 
1 04 can be flexibly set. 

[0380] Note that, the communication protocol used 
when transmitting the secure container 104 from the 
content provider 101 to the user home network 103 is 



not limited to those mentioned above and may be any 
protocol. 

[0381 ] Figure 1 2 is a view for explaining a storage me- 
dium 130 1 of a ROM type used in the present embodi- 
5 ment. 

[0382] As shown in Fig. 1 2, the ROM type storage me- 
dium 1 30 1 has a ROM region 1 31 , a secure RAM region 
132, and a media SAM 133. 

[0383] In the ROM region 131, the content file CF 

10 shown in Fig. 5A is stored. 

[0384] Also, the secure RAM region 132 is a region 
where predetermined permission (certification) is nec- 
essary for accessing the stored data. Signature data 
produced by using a MAC (Message Authentication 

« Code) function with the key file KF and the certificate 
data CER CP and a storage use key data K STR having 
an inherent value in accordance with the type of the ap- 
paratus shown in Figs. 5B and 5C as factors and the 
data obtained by encrypting the related key file KF and 

20 the certificate data CER CP by using media key data 
k med having an inherent value in the storage medium 
are stored. 

[0385] Also, in the secure RAM region 132, for exam- 
ple, certificate revocation data (revocation list) for spee- 
ds jfying the content provider 101 and the SAMs 105., to 
1 05 5 which became invalid due to illegitimate actions or 
the like is stored, 

[0386] Also, in the secure RAM region 132, as will be 
mentioned later, usage control status (UCS) data 166 

30 etc. produced when the purchase and/or usage form of 
the content data C is determined in the SAMs 105-, to 
105 4 of the user home network 103 is determined are 
stored. By this, by the storage of the user control status 
data 166 in the secure RAM region 132, a ROM type 

35 storage medium 130 with a purchase and/or usage form 
determined therein is obtained. 

[0387] In the media SAM 133, for example the media 
ID serving as the identifier of the ROM type storage me- 
dium 1 30 1 and the media key data K MED are stored. 
40 [0388] The media SAM 1 33 has for example a mutual 
certificate authority function. 

[0389] As the storage medium of the ROM type used 
in the present embodiment, for example, other than one 
shown in Fig. 1 2, also a ROM type storage medium 1 30 2 

45 shown in Fig. 13 and a ROM type storage medium 130 3 
shown in Fig. 14 can be considered. 
[0390] The ROM type storage medium 130 2 shown in 
Fig. 13 has the ROM region 131 and the media SAM 
133 having the certificate authority function, but is not 

50 provided with the secure RAM region 132 as in the ROM 
type storage medium 130-| shown in Fig. 12. Where use 
is made of the ROM type storage medium 1 30 2 , the con- 
tent file CF is stored in the ROM region 1 31 , and the key 
file KF is stored in the media SAM 133, 

55 [0391] Also, the ROM type storage medium 130 3 
shown in Fig. 14 has the ROM region 131 and the secure 
RAM region 1 32 and does not have the media SAM 1 33 
as in the ROM type storage medium 130 1 shown in Fig. 



46 



BNSDOCID: <EP 1132828A1J_> 



91 



EP 1 132 828 A1 



92 



1 2. Where the ROM type storage medium 1 30 3 is used, 
the content file CF is stored in the ROM region 131, and 
the key file KF is stored in the secure RAM region 132. 
Also, where the ROM type storage medium 130 3 is 
used, mutual certification is not carried out with the 
SAM. 

[0392] Also, in the present embodiment, other than 
the ROM type storage medium, also a RAM type storage 
medium is used. 

[0393] As the RAM type storage medium used in the 
present embodiment, there is, for example, as shown in 
Fig. 15, a RAM type storage medium 130 4 having the 
media SAM 133, secure RAM region 132, and nonse- 
cure RAM region 1 34. In the RAM type storage medium 
130 4 , the media SAM 133 has the certificate authority 
function and stores the key file KF. Also, in the RAM re- 
gion 134, the content file CF is stored. 
[0394] Also, as the RAM type storage medium used 
in the present embodiment, other than that, also a RAM 
type storage medium 130 5 shown in Fig. 16 and a RAM 
type storage medium 1 30 6 shown in Fig. 1 7 can be con- 
sidered. 

[0395] The RAM type storage medium 130 5 shown in 
Fig. 16 has the nonsecure RAM region 134 and the me- 
dia SAM 1 33 having the certificate authority function . but 
is not provided with the secure RAM region 132 as in 
the RAM type storage medium 130 4 shown in Fig. 15. 
Where the RAM type storage medium 130 5 is used, the 
content file CF is stored in the RAM region 1 34, and the 
key file KF is stored in the media SAM 1 33. 
[0396] Also, the RAM type storage medium 130 6 
shown in Fig. 17 has the secure RAM region 132 and 
the nonsecure RAM region 134, but does not have the 
media SAM 133 as in the RAM type storage medium 
130 4 shown in Fig. 15. Where use is made of the RAM 
type storage medium 130 6 , the content file CF is stored 
in the RAM region 134, and the key file KF is stored in 
the secure RAM region 132. Also, where use is made 
of the RAM type storage medium 1 30 6 , mutual certifica- 
tion is not carried out with the SAM. 
[0397] Also, where the secure container 1 04 is distrib- 
uted on-line to the user home network 103 by using a 
network or a digital broadcast, the SAM management 
unit 1 24 encrypts the secure container 1 04 by using the 
session key data K SES in the encryption and/or decryp- 
tion unit 121 , and then distributes the same via the net- 
work to the user home network 103. 
[0398] In the present embodiment, as the SAM man- 
agement unit and the EMD service center management 
unit and the content provider management unit and 
service provider management unit mentioned later, use 
is made of a communication gateway having a tamper 
resistant structure whereby for example monitoring and 
tampering of the processing content of the internal por- 
tion cannot be carried out or are difficult. 
[0399] Here : in both of the case where the content da- 
ta C is distributed from the content provider 101 to the 
user home network 103 by using the storage medium 



1 30 n and the case where it is distributed on-line by using 
the network, use is made of the secure container 1 04 of 
a common form with the usage control policy data 1 06 
stored therein. Accordingly, in the SAMs 105 t to 105 4 of 

s the user home network 103, the rights clearing based 
on the common usage control policy data 106 can be 
carried out in both of the cases of off-line and on-line. 
[0400] Also, as mentioned above, in the present em- 
bodiment, the in-band method of enclosing the content 

10 data C encrypted by the content key data Kc and the 
content key data Kc for decrypting the related encryption 
in the secure container 104 is employed. In the in-band 
method, when it is intended to reproduce the content 
data C by the apparatus of the user home network 1 03, 

is it is not necessary to separately distribute the content 
key data Kc, so there is an advantage that the load of 
the network communication can be reduced. Also, the 
content key data Kc has been encrypted by the distribu- 
tion use key data KD 1 to KD 6 , but the distribution use 

20 key data KD-, to KD 6 are managed at the EMD service 
center 1 02 and distributed to the SAMs 1 05 1 to 1 05 5 of 
the user home network 1 03 in advance (when the SAMs 
1 05-, to 1 05 4 access the EM D service center 1 02 for the 
first time), therefore, in the user home network 103, the 

25 usage of the content data C off-line becomes possible 
without connecting with the EMD service center 1 02 on- 
line. 

[0401] Note that, the present invention has the flexi- 
bility to employ the out-of-band method for separately 
30 supplying the content data C and the content key data 
Kc to the user home network 103 as will be mentioned 
later. 

[0402] When receiving the settlement report data 1 07 
from the EMD service center 1 02, the EMD service cent- 

35 er management unit 125 decrypts it at the encryption 
and/or decryption unit 121 by using the session key data 
K SES and then stores the same in the storage unit 119. 
[0403] As the settlement report data 107, for example, 
the content of the settlement concerning the content 

40 provider 1 01 performed by the EMD service center 1 02 
at the settlement manager 91 shown in Fig. 1 is de- 
scribed. 

[0404] Also, the EMD service center management 
unit 125 transmits the content ID as a global unique 

45 identifier of the content data C to be provided, a public 
key data Kcpp, and signature data SIG 9 CP of them to 
the EMD service center 102 and receives as input the 
certificate data CER CP of the public key data K^p p from 
the EMD service center 102. 

so [0405] Also, the EMD service center management 
unit 125 produces, as shown in Fig. 18, a registration 
module Mod 2 storing the content ID as the global unique 
identifier of the content data C to be provided, the con- 
tent key data Kc, the usage control policy data 1 06, the 

55 watermark module WM, CP_ID as the global unique 
identifier of the content provider 1 01 , and signature data 
SIG M1 CP by the secret key data K CPS of the content 
provider 1 01 for them therein when registering the con- 
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tent key data Kc, the usage control policy data 1 06, and 
the watermark module WM in the EMD service center 
1 02 and receiving the key file KF for each of the content 
data C. Then, the EMD service center 1 25 encrypts the 
registration module Mod 2 in the encryption and/or de- 
cryption unit 121 by using the session key data K SES 
and then transmits the same via the network to the EMD 
service center 1 02. As the EMD service center manage- 
ment unit 125 t as mentioned above, for example use is 
made of a communication gateway having a high 
tamper resistant structure whereby monitoring or tam- 
pering of the processing content of the internal portion 
cannot be carried out or are difficult. 
[0406] Below, an explanation will be given of the flow 
of the processing in the content provider 1 01 by referring 
to Fig. 3 and Fig. 4. 

[0407] Note that, as a prerequisite for performing the 
following processing, the interested party of the content 
provider 1 01 performs the registration processing for the 
EMD service center 1 02 off-line by using for example its 
own ID and a bank account for performing the settle- 
ment processing and acquires the global unique identi- 
fier CP JD. The identifier CPJD is stored in the storage 
unit 119. 

[0408] First, an explanation will be given of the 
processing where the content provider 1 01 requests the 
certificate data CER CP for proving the legitimacy of the 
public key data Kcpg corresponding to its own secret 
key data K CPS from the EMD service center 102 by re- 
ferring to Fig. 4. 

[0409] The content provider 1 01 generates a random 
number by using a true random number generator to 
produce the secret key data Kqp.s^ produces the public 
key data K cpp corresponding to the related secret key 
data Kcp s and stores the same in the storage unit 1 1 9. 
[041 0] The EMD service center management unit 1 25 
reads out the identifier CPJD and the public key data 
Kcpp of the content provider 101 from the storage unit 
119. 

[0411] Then, the EMD service center management 
unit 125 transmits the identifier CPJD and the public 
key data Kc P p to the EMD service center 1 02. 
[0412] Then, the EMD service center management 
unit 125 receives as input the certificate data CER CP 
and the signature data SIG 1 ESC thereof from the EMD 
service center 102 in accordance with the related reg- 
istration and writes them into the storage unit 119. 
[0413] Next, an explanation will be given of the 
processing where the content provider 101 registers the 
content key data Kc, usage control policy data 1 06, and 
the watermark module WM in the EMD service center 
102 and receives the key file KF corresponding to the 
content data C by referring to Fig. 4, Fig. 1 8, and Fig. 1 9. 
[041 4] The registration of the usage control policy da- 
ta 106 etc. is carried out for individual content data C. 
[0415] Figure 19 is a flowchart for explaining the reg- 
istration processing from the content provider 1 01 to the 
EMD service center 102. 



[0416] Step A1 : Mutual certification is carried out be- 
tween the mutual certification unit 120 of the content 
provider 101 shown in Fig. 4 and the EMD service center 
102. 

5 [0417] Step A2: The session key data K SES obtained 
by the mutual certification performed at step A1 is 
shared by the content provider 1 0 1 an d the EM D service 
center 102. 

[0418] Step A3: The content provider 101 reads out 
10 the content ID, content key data Kc, usage control policy 
data 1 06, watermark module WM , and CPJD, etc. to be 
registered into the EMD service center 1 02 from the da- 
tabase of the storage unit 1 1 9 etc. 
[0419] Step A4: In the signature processing unit 117, 
'5 the signature data SIG M1 cp indicating the legitimacy of 
the sender is produced for a module containing for ex- 
ample the usage control policy data 106 readout at step 
A3 by using the secret key data K CPS of the content pro- 
vider 101. 

20 [0420] Then, the EMD service center management 
unit 125 produces the registration use module Mod 2 
storing the content ID, content key data Kc, usage con- 
trol policy data 1 06, watermark module WM and CPJD, 
and the signature data SIG M1 CP for them therein as 

25 shown in Fig. 18. 

[0421] Step A5: The encryption and/or decryption unit 
121 encrypts the registration use module Mod 2 pro- 
duced at step A4 by using the session key data K SES 
shared at step A2. 

30 [0422] Step A6: The EMD service center manage- 
ment unit 125 transmits the registration use module 
Mod 2 encrypted at step A5 to the EMD service center 
102. 

[0423] The processing of step A7 and following 
35 processing are the processing in the EMD service cent- 
er 102. 

[0424] Step A7: The EMD service center 1 02 decrypts 
the received registration use module Mod 2 by using the 
session key data K SES shared at step A2. 

40 [0425] Step A8: The EMD service center 1 02 verifies 
the signature data SIG M1 CP stored in the decrypted reg- 
istration use module Mod 2 by using the public key data 
Kcpp, confirms the legitimacy of the sender of the reg- 
istration use module Mod 2 , and performs the processing 

45 of step A9 under the condition that the legitimacy of the 
sender is proved. 

[0426] Step A9: The EMD service center 102 stores 
and registers the content ID, content key data Kc, usage 
control policy data 106, watermark module WM, and 
so CPJD stored in the registration use module Mod 2 in the 
predetermined database. 

[0427] Note that, the EMD service center manage- 
ment unit 125 receives, as shown in Fig. 1 8, for example 
six months' worth of the key files KF from the EMD serv- 
es ice center 102 after the registration processing in ac- 
cordance with the registration use module Mod 2 is car- 
ried out for the EMD service center 102, decrypts the 
related received key files KF by using the session key 
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data K SES obtained by the mutual certification between 
the mutual certification unit 120 and the EMD service 
center 1 02, and then stores the same in the key file da- 
tabase 118b. 

[0428] Next, an explanation will be given of the 
processing where the content provider 1 01 transmits the 
secure container 1 04 to the SAM 1 05 1 of the user home 
network 103 by referring to Fig. 3 and Fig. 4. 
[0429] Note that, in the following example, the case 
where the secure container 1 04 is transmitted from the 
content provider 101 to the SAM 105 1 is exemplified, 
but the case where the secure container 104 is trans- 
mitted to each of the SAMs 1 05 2 to 1 05 4 is the same 
except it transmitted to each of the SAMs 1 05 2 to 105 4 
via the SAM 105 v 

[0430] First, as shown in Fig. 3 : the content data S1 1 1 
is read out from the content master source database 1 1 1 
and output to the electronic watermark information ad- 
dition unit 112. 

[0431 ] Next, the electronic watermark information ad- 
dition unit 112 buries the electronic watermark informa- 
tion in the content data S1 11 to produce the content data 
S112 and outputs this to the compression unit 113. 
[0432] Next, the compression unit 113 compresses 
the content data S112 by for example the ATRAC3 
method to produce the content data S113 and outputs 
this to the encryption unit 114. 

[0433] Also, as shown in Fig. 4, the content key data 
Kc is produced by generating a random number at the 
random number generation unit 115, and the related 
produced content key data Kc is stored in the storage 
unit 119. 

[0434] Next, the encryption unit 114 encrypts the con- 
tent data S1 1 3 input from the compression unit 113, me- 
ta data Meta read out from the storage unit 119, the N 
V expansion use software Soft and the watermark mod- 
ule WM by using the content key data Kc and outputs 
the same to the secure container preparation unit 118. 
I n this case, it is also possible if the meta data Meta and 
the watermark module WM are not encrypted. 
[0435] Then, the secure container preparation unit 
1 1 8 produces the content file CF shown in Fig. 5A. Also, 
in the signature processing unit 117, the hash value of 
the content file CF is obtained and the signature data 
SIG 6 CP is produced by using the secret key data Kcp g. 
[0436] Also, the secure container preparation unit 1 1 8 
reads out the key file KF corresponding to the content 
data C from the key file database 1 1 8b and outputs this 
to the signature processing unit 117. 
[0437] Then, the signature processing unit 117 ob- 
tains the hash value of the key file KF input from the 
secure container preparation unit 118, produces the sig- 
nature data SIG 7 CP by using the secret key data Kq PS > 
and outputs this to the secure container preparation unit 
118. 

[0438] Next, the secure container preparation unit 1 1 8 
produces the secure container 104 storing the content 
file .CF and the signature data SIG 6 CP thereof shown in 



Fig. 5A, the key file KF and the signature data SIG 7CP 
thereof shown in Fig. 5B, and the certificate data CER CP 
and the signature data SIG 1 ESC thereof shown in Fig. 
5C read out from the storage unit 1 1 9 therein and stores 

5 this in the secure container database 118b. Then, the 
secure container preparation unit 118 reads out the se- 
cure container 1 04 to be provided to the user home net- 
work 1 03 in response to for example a request from the 
user from the secure container database 1 1 8a, encrypts 

10 this at the encryption and/or decryption unit 121 by using 
the session key data K SES obtained by the mutual cer- 
tification between the mutual certification unit 120 and 
the SAM 1 05 1 , and then transmits the same via the SAM 
management unit 1 24 to the SAM 1 05 1 of the user home 

15 network 103. 

[0439] Below, a summary of the flow of the overall 
processing of the content provider 1 01 will be explained 
relative to the secure container preparation processing. 
[0440] Figure 20, Fig. 21 , and Fig. 22 are flowcharts 

20 for explaining the flow of the related processing. 

[0441 ] Step B1 : The content provider 1 01 receives as 
input its own certificate data CER CP from the EMD serv- 
ice center 1 02 in advance and stores this in the storage 
unit (database) 119. 

25 [0442] Step B2: The content data to be newly au- 
thored and an already stored content master source 
such as legacy content data are digitized, allocated a 
content ID, and stored in the content master source da- 
tabase 111 and uniquely managed. 

30 [0443] Step B3: The meta data Meta is produced for 
each content master source uniquely managed at step 
B1 and is stored in the storage unit 119. 
[0444] Step B4: The content data S1 11 serving as the 
content master source is read out from the content mas- 

35 ter source database 1 1 1 and output to the electronic wa- 
termark information addition unit 112, the electronic wa- 
termark information is buried, and the content data S1 12 
is produced. 

[0445] Step B5: The electronic watermark information 
40 addition unit 112 stores the content of the buried elec- 
tronic watermark information and the burial location in 
the predetermined database. 

[0446] Step B6: In the compression unit 113, the con- 
tent data S1 1 2 with the electronic watermark information 
<*5 buried therein is compressed to produce the content da- 
ta S113. 

[0447] Step B7: In the expansion unit 116, the com- 
pressed content data S113 is expanded to produce the 
content data S116. 
so [0448] Step B8: In the audial check unit 1 23, the check 
of the sound of the expanded content data S11 6 is car- 
ried out. 

[0449] Step B9: The content provider 1 01 detects the 
electronic watermark information buried in the content 
55 data S116 based on the buried content and the burial 
location stored in the database at step B5. 
[0450] Then, the content provider 101 performs the 
processing of step B10 where both of the audial check 
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and the detection of the electronic watermark informa- 
tion succeed, while repeats the processing of step B4 
where either one fails. 

[0451] Step B10: A random number is generated at 
the random number generation unit 1 1 5 to produce the 
content key data Kc, and this is stored in the storage 
unit 119. 

[0452] Step B1 1 : In the encryption unit 11 4, the com- 
pressed content data S113 is encrypted by using the 
content key data Kc to produce the content data C. 
[0453] Step B12: In the usage control policy data 
preparation unit 122, the usage control policy data 106 
for the content data C is produced. 
[0454] Step B13: The content provider 101 deter- 
mines the SRP and stores this in the storage unit 119. 
[0455] Step B14: The content provider 101 outputs 
the content ID, content key data Kc, and the usage con- 
trol policy data 106 to the EMD service center 102. 
[0456] Step B15: The content provider 101 receives 
as input the key file KF encrypted by the distribution use 
key data KD 1 to KD 3 from the EMD service center 102. 
[0457] Step B1 6: The content provider 1 01 stores the 
input key file KF in the key file database 118b. 
[0458] Step B17: The content provider 101 connects 
the links of the content data C and the key file KF by the 
hyper link. 

[0459] StepB18: In the signature processing unit 11 7, 
the signature data indicating the legitimacy of the pro- 
ducer is produced by using the secret key data K CP s for 
each of the content data C and the key files KF. 
[0460] Step B1 9: In the secure container preparation 
unit 118, the secure container 104 shown in Fig. 5 is 
produced. 

[0461 ] Step B20: Where the content data is provided 
in a composite form using a plurality of secure contain- 
ers, the processing of the steps B1 to B19 is repeated 
to produce the secure container 104 and the link be- 
tween the content file CF and the key file KF and the link 
among the content files CF by using the hyper link, etc. 
[0462] Step B21 : The content provider 101 stores the 
produced secure container 104 in the secure container 
database 1 1 8a. 

[EMD service center 1 02] 

[0463] The EMD service center 102 has a certificate 
authority (CA) function, a key management function., 
and a rights clearing (profit distribution) function. 
[0464] Figure 23 is a view of the configurations of 
functions of the EMD service center 102. 
[0465] As shown in Fig. 23, the EMD service center 
1 02 has a key server 1 41 , a key database 141a, a set- 
tlement processing unit 1 42, a signature processing unit 
143, a settlement manager management unit 144, a cer- 
tificate and/or usage control policy management unit 
145, a usage control policy database 145a, a certificate 
database 145b, a content provider management unit 
1 48, a CP database 1 48a, a SAM management unit 1 49, 



a SAM database 149a, a mutual certification unit 150, 
an encryption and/or decryption unit 1 51 , and a KF prep- 
aration unit 153. 

[0466] Note that, in Fig. 23, the flow of the data related 
5 to the data transmitted and received between the EMD 
service center 102 and the content provider 101 in the 
flow of the data among the functional blocks in the EMD 
service center 102 is shown. 

[0467] Also, in Fig. 24, the flow of the data related to 
10 the data transmitted and received between the SAMs 
105 1 to 105 4 and the settlement manager 91 shown in 
Fig. 1 in the flow of the data among the functional blocks 
in the EMD service center 102 is shown. 
[0468] The key server 141 reads out six months' worth 
is of the distribution use key data having the expiration 
date of one month stored in the key database 141 a and 
outputs the same to the SAM management unit 149. 
[0469] Also, other than the key database 141 a distri- 
bution use key data KD, one series of key data for stor- 
20 ing the key data such as the secret key data K ESC s of 
the EMD service center 1 02, storage use key data K STR , 
media key data K MED , and the MAC key data K MAC are 
stored. 

[0470] The settlement processing unit 142 performs 
25 settlement processing based on the usage log data 1 08 
input from the SAMs 1 05-, to 1 05 4 , the suggested retail- 
er's price SRP input from the certificate and/or usage 
control policy management unit 145 and sales price, 
produces the settlement report data 1 07 and settlement 
30 claim data 152, outputs the settlement report data 107 
to the content provider management unit 1 48, and out- 
puts the settlement claim data 152 to the settlement 
manager management unit 144. 

[0471] Note that, the settlement processing unit 142 

35 monitors whether or not transactions based on an illegal 
dumping price were carried out based on the sales price. 
[0472] Here, the usage log data 1 08 indicates the log 
of the purchase and usage (reproduction, recording, 
transfer, etc.) of the secure container 104 in the user 

40 home network 103 and is used when determining the 
payment sum of a license fee related to the secure con- 
tainer 104 in the settlement processing unit 142. 
[0473] In the usage log data 1 08, for example the con- 
tent ID serving as the identifier of the content data C 

45 stored in the secure container 1 04, the identifier CPJD 
of the content provider 101 distributing the secure con- 
tainer 1 04, the compression method of the content data 
C in the secure container 104, an identifier MediaJD of 
the storage medium storing the secure container 104, 

50 the identifier SAMJD of the SAMs 1 05 1 to 1 05 4 receiv- 
ing the distribution of the secure container 104, 
USERJD of the user of the related SAMs 1 05 1 to 1 05 4 , 
etc. are described. Accordingly, the EMD service center 
1 02 determines the sum of payment for each other party 

55 based on a distribution rate table determined in advance 
when it is necessary to distribute the money paid by the 
user of the user home network 1 03 to license owners of 
for example the compression method and the storage 



50 



BNSDOCID: <EP_ 



.1132828A1_I_> 



99 



EP 1 132 828 A1 



100 



medium other than the owner of the content provider 
101 and produces the settlement report data 107 and 
the settlement claim data 152 in accordance with the 
related determination. The related distribution rate table 
is produced for example for every content data stored 
in the secure container 104. 

[0474] Also, the settlement claim data 152 is the au- 
thenticated data for which the payment of money to the 
settlement manager 91 may be claimed. For example, 
when the money paid by the user is distributed to a plu- 
rality of right holders, it is produced for individual right 
holders. 

[0475] Note that, the settlement manager 91 sends a 
statement of the related settlement managerto the EMD 
service center 102 when the settlement is terminated. 
The EMD service center 1 02 notifies the content of the 
related statement to the corresponding right holders. 
[0476] The settlement manager management unit 
144 transmits the settlement claim data 152 produced 
by the settlement processing unit 142 via the payment 
gateway 90 shown in Fig. 1 to the settlement manager 
91. 

[0477] Note that, as will be mentioned later, it is also 
possible if the settlement manager management unit 
1 44 transmits the settlement claim data 1 52 to the right 
holders of the content provider 101 etc., and the right 
holders per se perform the settlement at the settlement 
manager 91 by using the received settlement claim data 
152. 

[0478] Also, the settlement manager management 
unit 144 obtains the hash value of the settlement claim 
data 1 52 in the signature processing unit 1 43 and trans- 
mits signature data SIG 99 produced by using the secret 
key data K ESC s together with the settlement claim data 
1 52 to the settlement manager 91 . 
[0479] The certificate and/or usage control policy 
management unit 145 reads out the certificate data 
CER CP and certificate data CER SAM1 to CER SAM4 etc. 
which are registered (stored) in the certificate database 
1 45b and authenticated and, at the same time, registers 
the usage control policy data 1 06 of the content provider 
101, the content key data Kc, the watermark module 
WM, etc. in the usage control policy database 145a to 
authenticate the same. 

[0480] Here, for the usage control policy database 
145a, a search is carried out by using the content ID as 
a search key, while for the certificate database 145b, a 
search is carried out by using the identifier CP_ID of the 
content provider 101 as the search key. 
[0481] Also, the certificate and/or usage control policy 
management unit 1 45 obtains the hash values of for ex- 
ample the usage control policy data 106, content key 
data Kc, and the watermark module WM and stores the 
authenticated data attached with the signature data us- 
ing the secret key data K ESC s in the usage control policy 
database 145a. 

[0482] The content provider management unit 148 
has a function of communication with the content pro- 



vider 101 and can access the CP database 148a for 
managing the identifiers CPJD etc. of the registered 
content providers 101 . 

[0483] The SAM management unit 149 has a function 

5 of communication with the SAMs 1 05 A to 1 05 4 in the us- 
er home network 1 03 and can access the SAM database 
149a storing the identifiers SAMJD and SAM registra- 
tion list etc. of the registered SAMs. 
[0484] The KF preparation unit 153 outputs the con- 

10 tent key data Kc and usage control policy data 1 06 input 
from the content provider management unit 148 and the 
SAM program download containers SDC 1 to SDC 3 to 
the signature processing unit 143. 
[0485] Also, the KF preparation unit 1 53 encrypts the 

*5 content key data Kc, the usage control policy data 1 06, 
and the SAM program download containers SDC 1 to 
SDC 3 by using the distribution use key data KD 1 to KD 6 
of the corresponding period input from the key server 
1 41 , produces the key file KF storing the related encrypl- 

20 ed data and the signature data SIG K1 ESC by the secret 
key data K ESC s for the related encrypted data input from 
the signature processing unit 143 therein as shown in 
Fig. 5B, and stores the related produced key file KF in 
the KF database 153a. 

25 [0486] Below, an explanation will be given of the flow 
of the processing in the EMD service center 1 02. 
[0487] First, an explanation will be given of the flow 
of the processing when transmitting the distribution use 
key data from the EMD service center 1 02 to the SAMs 

30 1 05 1 to 1 05 4 in the user home network 1 03 by referring 
to Fig. 24. 

[0488] As shown in Fig. 24, the key server 141 reads 
out for example three months' worth of the distribution 
use key data KD-, to KD 3 from the key database 141a 
35 every predetermined period and outputs the same to the 
SAM management unit 149. 

[0489] Also, the signature processing unit 1 43 obtains 
the hash values of each of the distribution use key data 
KD 1 to KD 3 to produce signature data SIG KD1 ESC to 

40 SIG KD3 ESC individually corresponding to them by using 
the secret key data K ESC s of the EMD service center 
102 and outputs them to the SAM management unit 149. 
[0490] The SAM management unit 149 encrypts 
these three months' worth of the distribution use key da- 

45 ta KD., to KD 3 and the signature data SIG KD1 ESC to 
SIG KD3 ESC of them by using the session key data K SES 
obtained by the mutual certification between the mutual 
certification unit 150 and the SAMs 105 1 to 105 4 and 
then transmits them to the SAMs 105 t to 105 4 . 

so [0491] Next, an explanation will be given of the 
processing in the case where the EMD service center 
102 receives an issuance request of the certificate data 
CER CP from the content provider 101 by referring to Fig. 
23. 

55 [0492] In this case, when receiving the identifier 
CPJD of the content provider 101, public key data 
K CPP , and the signature data SIG 9 CP from the content 
provider 101, the content provider management unit 1 48 
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decrypts them by using the session key data K SES ob- 
tained by the mutual certification between the mutual 
certification unit 1 50 and the mutual certification unit 1 20 
shown in Fig. 4. 

[0493] Then, after confirming the legitimacy of the re- 
lated decrypted signature data SIG 9CP at the signature 
processing unit 143, it is confirmed whether or not the 
content provider 1 01 issuing the issuance request of the 
related certificate data is registered in the CP database 
148a based on the identifier CP_ID and the public key 
data Kcpp. 

[0494] Then, the certificate and/or usage control pol- 
icy management unit 145 reads out the certificate data 
CER CP of the related content provider 1 01 from the cer- 
tificate database 145b and outputs this to the content 
provider management unit 148. 

[0495] Also, the signature processing unit 1 43 obtains 
the hash value of the certificate data CER CP , produces 
the signature data SIG 1 ESC by using the secret key data 
k esc,s of tne EMD service center 1 02, and outputs this 
to the content provider management unit 148. 
[0496] Then, the content provider management unit 
148 encrypts the certificate data CER CP and the signa- 
ture data SIG 1ESC thereof by using the session key data 
k ses obtained by the mutual certification between the 
mutual certification unit 150 and the mutual certification 
unit 120 shown in Fig. 4 and then transmits the same to 
the content provider 1 01 . 

[0497] Next, an explanation will be given of the 
processing where the EMD service center 1 02 receives 
the issuance request of the certificate data CER SAM1 
from the SAM 1 05 1 by referring to Fig. 24. 
[0498] In this case, when receiving an identifier 
SAM! JD of the SAM 1 05, , public key data K SAM1 p , and 
signature data SIG 8 SAM1 from the SAM 105^ the SAM 
management unit 149 decrypts them by using the ses- 
sion key data K SES obtained by the mutual certification 
between the mutual certification unit 150 and the SAM 
105 v 

[0499] Then, after confirming the legitimacy of the re- 
lated decrypted signature data SIG 8 SAM1 in the signa- 
ture processing unit 143, based ' on the identifier 
SAM^ID and the public key data K SAM1 p , it is con- 
firmed whether or not the SAM 1 05 1 outputting the issu- 
ance request of the related certificate data is registered 
in the SAM database 149a. 

[0500] Then, the certificate and/or usage control pol- 
icy management unit 145 reads out the certificate data 
cer sami of tne related SAM 105., from the certificate 
database 145b and outputs this to the SAM manage- 
ment unit 149. 

[0501] Also, the signature processing unit 1 43 obtains 
the hash value of the certificate data CER SAM1 , produc- 
es signature data SIG 50 ESC by using the secret key data 
k esc,s of tne EMD service center 1 02, and outputs this 
to the SAM management unit 149. 
[0502] Then, the SAM management unit 149 encrypts 
the certificate data CER SAM1 and the signature data 



SIG 50,esc thereof by using the session key data K SES 
obtained by the mutual certification between the mutual 
certification unit 150 and the SAM 105 15 and then trans- 
mits the same to the SAM 1 05, . 

5 [0503] Note that, the processing where the SAMs 
1 05 1 to 1 05 4 request the certificate data is the same as 
the case of the SAM 1 05., mentioned above except only 
the object is replaced by the SAMs 105 1 to 1 05 4 . 
[0504] Note that, in the present invention, it is also 

10 possible if the EMD service center 1 02 produces the cer- 
tificate data CER SAM1 of the public key data K SAM1 p at 
the time of shipment when a secret key data K SAM1 s 
and the public key data K SAM1 P of the SAM 105! are 
stored in the storage unit of the SAM 1 05., at for example 

*5 the related shipment of the SAM 105-,. 

[0505] At this time, at the related shipment, it is also 
possible to store the certificate data CER SAM1 in the 
storage unit of the SAM 105.,. 

[0506] Next, an explanation will be given of the 
20 processing where the EMD service center 1 02 receives 
the registration use module Mod 2 shown in Fig. 1 from 
the content provider 101 by referring to Fig. 23. 
[0507] In this case, when the content provider man- 
agement unit 148 receives the registration use module 
25 Mod 2 shown in Fig. 18 from the content provider 101 , 
the registration use module Mod 2 is decrypted by using 
the session key data K SES obtained by the mutual cer- 
tification between the mutual certification unit 150 and 
the mutual certification unit 120 shown in Fig. 4. 
30 [0508] Then, in the signature processing unit 1 43, the 
legitimacy of the signature data SIG M1 cp is verified by 
using the public key data Kc PP read out from the key 
database 141a. 

[0509] Next, the certificate and/or usage control policy 
35 management unit 1 45 registers the usage control policy 
data 106, content key data Kc, watermark module WM, 
and SRP stored in the registration use module Mod 2 in 
the usage control policy database 145a. 
[0510] Next, the content provider management unit 
40 1 48 outputs the content key data Kc and the usage con- 
trol policy data 1 06 to the KF preparation unit 153. 
[0511] Next, the KF preparation unit 153 outputs the 
content key data Kc and usage control policy data 106 
input from the content provider management unit 148 
45 and the SAM program download containers SDC, to 
SDC 3 to the signature processing unit 143. 
[0512] Then, the signature processing unit 143 ob- 
tains the hash value with respect to the whole data input 
from the KF preparation unit 153, produces the signa- 
ge ture data SIG K1 ESC thereof by using the secret key data 
K ESC,s of tne EMD service center 1 02, and outputs this 
to the KF preparation unit 153. 

[0513] Next, in the KF preparation unit 153, by using 
the distribution use key data KD 1 to KD 6 of the corre- 
55 sponding period input from the key server 1 41 , the con- 
tent key data Kc and usage control policy data 1 06 and 
the SAM program download containers SDC 1 to SDC 3 
are encrypted, and the key file KF storing the related 
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encrypted data and the signature data SIG K1 ESC input 
from the signature processing unit 1 43 therein is pro- 
duced and is stored in the KF database 153a. 
[0514] Here : as the SAM program download contain- 
ers SDC 1 to SDC 3 , it is also possible to use those stored 
in the registration use module Mod 2 or it is also possible 
to use those held by the EMD service center 1 02 in ad- 
vance. 

[0515] Next, the content provider management unit 
148 encrypts the key file KF obtained by accessing the 
KF database 153a by using the session key data K SES 
obtained by the mutual certification between the mutual 
certification unit 1 50 and the mutual certification unit 1 20 
shown in Fig. 4, and then transmits the same to the con- 
tent provider 101 . 

[051 6] Next, an explanation will be given of the settle- 
ment processing performed in the EMD service center 
102 by referring to Fig. 24. 

[0517] When receiving as input the usage log data 
1 08 and signature data SIG 2 oo,sami thereof from for ex- 
ample the SAM 1 05 1 of the user home network 103, the 
SAM management unit 1 49 decrypts the usage log data 
108 and the signature data SIGgoo.sAMi bv usin 9 tne 
session key data K SES obtained by the mutual certifica- 
tion between the mutual certification unit 150 and the 
SAM 105.,, verifies the signature data SIG 200SAM1 bv 
the public key data K SAM1 of the SAM 105 1t and then 
outputs the same to the settlement processing unit 1 42. 
[0518] Then, the settlement processing unit 142 per- 
forms the settlement processing based on the usage log 
data 108 input from the SAM management unit 149 and 
the suggested retailer's price SRP contained in the us- 
age control policy data 1 06 read out from the usage con- 
trol policy database 1 45a via the certificate and/or usage 
control policy management unit 145 and the sales price 
and produces the settlement claim data 1 52 and the set- 
tlement report data 1 07. 

[051 9] The settlement processing unit 1 42 outputs the 
settlement claim data 152 to the settlement manager 
management unit 144 and, at the same time, outputs 
the settlement report data 107 to the content provider 
management unit 148. 

[0520] Next, the settlement manager management 
unit 1 44 transmits the settlement claim data 1 52 and the 
signature data SIGgg thereof via the payment gateway 
90 shown in Fig. 1 to the settlement manager 91 after 
the mutual certification and the decryption by the ses- 
sion key data K SES . 

[0521] By this, the money of the sum indicated in the 
settlement claim data 1 52 is paid to the content provider 
101. 

[0522] Next, an explanation will be given of the 
processing where the EMD service center 1 02 transmits 
the settlement report to the content provider 101 by re- 
ferring to Fig. 23. 

[0523] When the settlement is carried out in the set- 
tlement processing unit 142, as mentioned above, the 
settlement report data 107 is output from the settlement 



processing unit 142 to the content provider manage- 
ment unit 148. 

[0524] In the settlement report data 107 } as men- 
tioned above, for example the content of the settlement 
5 concerning the content provider 1 01 performed with re- 
spect to the settlement manager 91 shown in Fig. 1 by 
the EMD service center 102 is described. 
[0525] When receiving as input the settlement report 
data 107 from the settlement processing unit 142, the 
EMD service center 1 02 encrypts this by using the ses- 
sion key data K SES obtained by the mutual certification 
between the mutual certification unit 1 50 and the mutual 
certification unit 120 shown in Fig. 4 and then transmits 
the same to the content provider 1 01 . 
[0526] Also, after registering (authenticating) the us- 
age control policy data 106 as mentioned above, the 
EMD service center 102 may encrypt the authenticated 
certificate module by the distribution use key data KD 1 
to KD 6 and transmit the same from the EMD service 
center 102 to the content provider 101 too. 
[0527] Also, the EMD service center 1 02 performs the 
processing at the time of shipment of the SAMs 1 05 1 to 
105 4 and the registration processing of the SAM regis- 
tration list other than the above, but these processings 
will be mentioned later. 

[User home network 1 03] 

[0528] The user home network 1 03 has a network ap- 
paratus 160 1 and AA/ apparatuses 160 2 to 160 4 as 
shown in Fig. 1 . 

[0529] The network apparatus 160 1 includes a built- 
in SAM 105.,. Also, the AV apparatuses 160 2 to 160 4 
includes built-in SAMs 1 05 2 to 105 4 . 
[0530] The SAMs 1 05 1 to 1 05 4 are connected to each 
other via a bus 191, for example, an IEEE1394 serial 
interface bus. 

[0531] Note that, the AV apparatuses 160 2 to 160 4 
can have a network communication function too or may 
not have the network communication function, but utilize 
the network communication function of the network ap- 
paratus 1 60 1 via the bus 1 91 . 

[0532] Also, the user home network 1 03 can have on- 
ly AV apparatuses not having the network function too. 
[0533] Below, an explanation will be made of the net- 
work apparatus 1 60 1 . 

[0534] Figure 25 is a view of the configuration of the 
network apparatus 1 60 1 . 

[0535] As shown in Fig. 25, the network apparatus 
1 60 1 has the SAM 1 05! , a communication module 1 62, 
a decryption and/or expansion module 1 63, a purchase 
and/or usage form determination operation unit 165, a 
download memory 1 67, a reproduction module 1 69, and 
an external memory 201 . 

[0536] The SAMs 1 05^ to 1 05 4 are modules for per- 
forming the charge processing in units of content and 
communicate with the EMD service center 102. 
[0537] The SAMs 105! to 105 4 are managed in their 
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specifications, versions, etc. by for example the EMD 
service center 1 02. If there is a desire for mounting them 
by a home electric apparatus maker, they are licensed 
as a black box charging module for charging in units of 
content. For example, a home electric apparatus devel- 
oper/manufacturer cannot determine the specifications 
inside the ICs (integrated circuits) of the SAMs 105! to 
1 05 4 . The EMD service center 1 02 standardizes the in- 
terfaces etc. of the related ICs, They are mounted in the 
network apparatus 160! and the AV apparatuses 160 2 
to 160 4 according to that. 

[0538] The SAMs 1 05! to 1 05 4 are hardware modules 
(IC modules etc.) having tamper resistance so that the 
processing contents thereof are completely sheltered 
from the outside, the processing contents cannot be 
monitored or tampered with from the outside, and the 
data stored inside in advance and the data being proc- 
essed cannot be monitored and tampered with from the 
outside. 

[0539] When the functions of the SAMs 1 05! to 105 4 
are realized in the form of ICs, secret memories are pro- 
vided inside the ICs, and secret programs and secret 
data are stored there. If the function of a SAM can be 
incorporated in any other portion of the apparatus not 
limited to the physical form of an IC, that portion can be 
defined as a SAM too. 

[0540] Below, a detailed explanation will be made of 
the function of the SAM 105!. 

[0541] Note that the SAMs 105 2 to 1 05 4 have basical- 
ly the same functions as the SAM 105!. 
[0542] Figure 26 is a view of the configuration of the 
function of the SAM 1 05! . 

[0543] Note that, in Fig. 26, the flow of the data related 
the processing of inputting a secure container 1 04 from 
the content provider 101 and decrypting the key file KF 
in the secure container 104 is shown. 
[0544] As shown in Fig. 26, the SAM 1 05! nas a mu- 
tual certification unit 170, encryption and/or decryption 
units 171, 172, and 173, a content provider manage- 
ment unit 1 80, an error correction unit 1 81 , a download 
memory management unit 182, a secure container de- 
cryption unit 1 83, a decryption and/or expansion module 
management unit 1 84, an EMD service center manage- 
ment unit 185, a usage monitor unit 186, a charge 
processing unit 187, a signature processing unit 189, a 
SAM management unit 1 90, a media SAM management 
unit 197, a stack (work) memory 200, and an external 
memory management unit 81 1 . 

[0545] Note that, the AV apparatuses 1 60 2 to 1 60 4 do 
not have the download memory 167, so the download 
memory management unit 182 does not exist in the 
SAM 105 2 to 105 4 . 

[0546] Note that, the predetermined function of the 
SAM 105! shown in Fig. 26 is realized by executing a 
secret program in for example a not illustrated CPU. 
[0547] Also, in the external memory 201 , after going 
through the following processing, as shown in Fig. 27, 
a usage log data 108 and a SAM registration list are 



stored. 

[0548] Here, the memory space of the external mem- 
ory 201 cannot be seen from the outside (for example 
a host CPU 81 0) of the SAM 1 05! . Only the SAM 1 05! 
5 can manage access with respect to the storage region 
of the external memory 201 . 

[0549] As the external memory 210, use is made of 
for example a flash memory or a ferro-electric memory 
(FeRAM). 

10 [0550] Also, as the stack memory 200, use is made 
of for example a SARAM. As shown in Fig. 28, the se- 
cure container 104, content key data Kc, usage control 
policy data (UCP) 1 06 , a lock key data K LOC of a storage 
unit 1 92, certificate data CER CP of the content provider 

*s 101, usage control status data (UCS) 166, SAM pro- 
gram download containers SDC! to SDC 3 , etc. are pro- 
vided. 

[0551] Below, among the functions of the SAM 105!, 
the processing contents of the functional blocks when 

20 the secure container 1 04 from the content provider 1 01 
is input will be explained by referring to Fig. 26. 
[0552] The mutual certification unit 170 performs mu- 
tual certification between the content provider 101 and 
the EMD service center 1 02 when the SAM 1 05! trans- 

^5 m its and receives the data on-line between the content 
provider 101 and the EMD service center 1 02 to produce 
a session key data (common key) K SES and outputs this 
to the encryption and/or decryption unit 171. The ses- 
sion key data K SES is newly produced with each mutual 

30 certification. 

[0553] The encryption and/or decryption unit 1 71 en- 
crypts and/or decrypts the data transmitted and re- 
ceived between the content provider 101 and the EMD 
service center 102 by using the session key data K SES 

35 produced by the mutual certification unit 1 70. 

[0554] The error correction unit 1 81 corrects the error 
of the secure container 1 04 and outputs the same to the 
download memory management unit 182. 
[0555] Note that, it is also possible if the user home 

40 network 1 03 has a function for detecting whether or not 
the secure container 104 has been tampered with. 
[0556] In the present embodiment, the case where the 
error correction unit 1 81 was built in the SAM 1 05! was 
exemplified, but it is also possible to impart the function 

45 of the error correction unit 181 to the outside of the SAM 
105!, for example, the host CPU 810. 
[0557] The download memory management unit 1 82 
performs the mutual certification between the mutual 
certification unit 170 and a media SAM 167a in a case 

so where the download memory 167 has a media SAM 
167a having a mutual certification function as shown in 
Fig. 25, and then encrypts the secure container 1 04 after 
the error correction by using the session key data K SES 
obtained by the mutual certification and writes the same 

55 into the download memory 1 67 shown in Fig. 25. As the 
download memory 167, use is made of for example a 
nonvolatile semiconductor memory such as memory 
stick. 
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[0558] Note that, as shown in Fig. 29, where a mem- 
ory not provided with a mutual certification function such 
as a HDD (hard disk drive) is used as a download mem- 
ory 211 1 the inside of the download memory 211 is not 
secure, so the content file CF is downloaded on the 
download memory 211 , and a key file KF having a high 
secrecy is downloaded on for example the stack mem- 
ory 200 shown in Fig. 26. 

[0559] The secure container decryption unit 183 de- 
crypts the content key data Kc, usage control policy data 
106, and the SAM program download containers SDC 1 
to SDC 3 in the key file KF stored in the secure container 
1 04 input from the download memory management unit 
1 82 by using distribution use key data KD 1 to KD 3 read 
out from the storage unit 192. 

[0560] The related decrypted content key data Kc, us- 
age control policy data 106 : and the SAM program 
download containers SDC 1 to SDC 3 are written into the 
stack memory 200. 

[0561 ] The EMD service center management unit 1 85 
manages the communication with the EMD service 
center 102 shown in Fig. 1 . 

[0562] The signature processing u nit 1 89 verifies the 
signature data in the secure container 104 by using a 
public key data K ESC P of the EMD service center 1 02 
read out from the storage unit 192 and the public key 
data Kcpp of the content provider 1 01 . 
[0563] The storage unit 1 92 stores, as the secret data 
which cannot be read out and rewritten from the outside 
of the SAM 1 05 1 , as shown in Fig. 30, a plurality of dis- 
tribution use key data KD-, to KD 3 with expiration dates, 
SAMJDs, user IDs, passwords, information reference 
use IDs, a SAM registration list, storage use key data 
K STR) public key data K R . CA p of the route CA, public key 
data K ESC P of the EMD service center 102, media key 
data K MED , public key data K ESC p of the EMD service 
center 102, secret key data K SAM1 s of the SAM 105.,, 
the certificate data CER SAM1 storing public key data 
K SAM1 P of the SAM 105! therein, signature data SIG22 
of the certificate CER ESC using the secret key data 
K ESC S of the EMD service center 102, the original key 
data for the mutual certification with the decryption and/ 
or expansion module 163 (where the common key en- 
cryption method is employed), the original key data for 
the mutual certification with the media SAM (where the 
common key encryption method is employed), and cer- 
tificate data CER MEDSAM of the media SAM (where the 
public key encryption method is employed). 
[0564] Also, in the storage unit 1 92 , a secret program 
for realizing at least one part of the functions shown in 
Fig. 26 is stored. 

[0565] As the storage unit 1 92, use is made of for ex- 
ample a flash-EEPROM (electrically erasable program- 
mable RAM). 

[0566] Below, an explanation will be made of the flow 
of the processing in the SAM 1 05., when storing the dis- 
tribution use key data KD., to KD 3 received from the 
EMD service center 102 in the storage unit 192 by re- 



ferring to Fig. 26. 

[0567] In this case, first, mutual certification is carried 
out between the mutual certification unit 170 and the 
mutual certification unit 150 shown in Fig. 23, 

5 [0568] Next, three months' worth of the distribution 
use key data K., to K 3 encrypted by the session key data 
K SES obtained by the related mutual certification and the 
signature data SIG KD1 ESC toSIG KD3ESC thereof are 
written from the EMD service center 102 via the EMD 

10 service center management unit 185 into the stack 
memory 811 . 

[0569] Next, in the encryption and/or decryption unit 
1 71 , by using the session key data K SES , the distribution 
use key data K-, to K 3 and the signature data SIG KD1 ESC 

15 toSIG KD3 ESC thereof are decrypted. 

[0570] Next, in the signature processing unit 1 89, af- 
ter the legitimacy of the signature data SIG KD1 ESC to 
SIG KD3ESC stored in the stack memory 811 is con- 
firmed, the distribution use key data to K 3 are written 

20 into the storage unit 192. 

[0571 ] Below, an explanation will be made of the flow 
of the processing in the SAM 1 05., receiving as input the 
secure container 104 provided by the content provider 
101 by referring to Fig. 26. 

25 [0572] Mutual certification is carried out between the 
mutual certification unit 170 of the SAM 105 t shown in 
Fig. 26 and the mutual certification unit 120 shown in 
Fig. 3. 

[0573] The encryption and/or decryption unit 171 de- 
30 crypts the secure container 1 04 supplied from the con- 
tent provider 101 via the content provider management 
unit 180 by using the session key data K SES obtained 
by the related mutual certification. 
[0574] Next, the signature processing unit 1 89 verifies 
35 the signature data SIG 1 Esc shown in Fig. 5C and then 
verifies the legitimacy of the signature data SIG 6 CP and 
SIG 7 qp by using the public key data Kq P p of the content 
provider 1 01 stored in the certificate data CER CP shown 
in Fig. 5C. 

40 [0575] At this time, when it is verified that the signa- 
ture data SIG 6 CP is legitimate, the legitimacy of the pro- 
ducer and the transmitter of the content file CF is con- 
finned. 

[0576] Also, when it is verified that the signature data 
cp ' s legitimate, the legitimacy of the transmitter of 
the key file KF is confirmed. 

[0577] Also, the signature processing unit 1 89 verifies 
the legitimacy of the signature data SIG K1 Esc in the key 
file KF shown in Fig. 5B, that is, the legitimacy of the 
50 producer of the key file KF and whether or not the key 
file KF is registered in the EMD service center 102 by 
using the public key data K ESC p read out from the stor- 
age unit 192. 

[0578] The content provider management unit 180 
55 outputs the secure container 1 04 to the error correction 
unit 181 when the legitimacy of the signature data 
SIGgQp, SIG 7C p, and SIG K1 ESC is confirmed. 
[0579] The error correct ion unit 181 performs the error 
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correction of the secure container 1 04 and then outputs 
the same to the download memory management unit 
182. 

[0580] The download memory management unit 1 82 
writes the secure container 1 04 into the download mem- 5 
ory 167 after performing the mutual certification be- 
tween the mutual certification unit 170 and the media 
SAM 167a shown in Fig. 25. 

[0581 ] Next, the down load memory management un it 
182 performs mutual certification between the mutual 10 
certification unit 170 and the media SAM 167a shown 
in Fig. 25 and then reads out the key file KF shown in 
Fig. 5B stored in the secure container 104 from the 
download memory 1 67 and outputs the same to the se- 
cure container decryption unit 1 83. 15 
[0582] Then, in the secure container decryption unit 
1 83, by using the distribution use data KD 1 to KD 3 of the 
corresponding period input from the storage unit 192, 
the content key data Kc, usage control policy data 106, 
and the SAM program download containers SDCf to 20 
SDC 3 in the key file KF shown in Fig. 5Bare decrypted. 
[0583] Then, the decrypted content key data Kc, us- 
age control policy data 106 ; and the SAM program 
download containers SDC-, to SDC 3 are written into the 
stack memory 200. 25 
[0584] Below, an explanation will be made of the 
processing contents of the functional blocks related to 
the processing of using and purchasing the content data 
C downloaded on the download memory 167 by refer- 
ring to Fig. 31. 30 
[0585] The usage monitor unit 186 reads out the us- 
age control policy data 1 06 and the usage control status 
data 1 66 from the stack memory 200 and monitors so 
that the purchase and/or usage of the content is carried 
out within a range permitted by the related read out us- 35 
age control policy data 1 06 and usage control status da- 
ta 166. 

[0586] Here : the usage control policy data 106 is 
stored in the KF after decryption and stored in the stack 
memory 200 as explained by using Fig. 26. 40 
[0587] Also, the usage control status data 166 is 
stored in the stack memory 200 when the purchase form 
is determined by the user as will be mentioned later. 
[0588] The charge processing unit 187 produces the 
usage log data 108 in response to an operation signal 45 
S1 65 from the purchase and/or usage form determina- 
tion operation unit 165 shown in Fig, 25. 
[0589] Here, the usage log data 1 08 describes the log 
of the purchase and usage forms of the secure container 
1 04 by the user as mentioned before and is used when so 
performing settlement processing in accordance with 
the purchase of the secure container 1 04 and determin- 
ing the payment of the license fee in the EMD service 
center 102. 

[0590] Also, the charge processing unit 187 notifies 55 
the sales price or the suggested retailer's price data 
SRP read out from the stack memory 200 to the user 
according to need. 
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[0591] Here, the sales price and the suggested retail- 
er's price data SRP have been stored in the usage con- 
trol policy data 106 of the key file KF shown in Fig. 5B 
stored in the stack memory 200 after decryption. 
[0592] The charge processing by the charge process- 
ing unit 187 is carried out based on the right content 
such as the usage permission condition indicated by the 
usage control policy data 1 06 and the usage control sta- 
tus data 1 66 under the monitoring of the usage monitor 
unit 1 86. Namely, the user purchases and uses the con- 
tent within the range according to the related right con- 
tent, etc. 

[0593] Also, the charge processing unit 1 87 produces 
the usage control status (UCS) data describing the pur- 
chase form of the content by the user and writes this into 
the stack memory 200. 

[0594] As the purchase form of the content, there are 
for example an outright purchase without restriction as 
to the reproduction by the purchaser and copying for the 
usage of the related purchaser, a reproduction charge 
for charging with each reproduction, etc. 
[0595] Here, the usage control status data 1 66 is pro- 
duced when the user determines the purchase form of 
the content and is used for control so that the user uses 
the related content within the range permitted by the re- 
lated determined purchase form Shereafter. In the us- 
age control status data 166, the ID of the content, the 
purchase form, the price in accordance with the related 
purchase form, the SAMJD of the SAM with the pur- 
chase of the related content performed therefor, the 
USERJD of the purchased user, etc. are described. 
[0596] Note that, where the determined purchase 
form is a reproduction charge, for example, the usage 
control status data 1 66 is transmitted from the SAM 1 05., 
to the content provider 101 in real-time simultaneously 
with the purchase of the content data C, and the content 
provider 101 instructs the EMD service center 102 to 
obtain the usage log data 108 at the SAM 105 1 within 
the predetermined period. 

[0597] Also, where the determined purchase form is 
an outright purchase, for example, the usage control 
status data 1 66 is transmitted in real-time to both of the 
content provider 101 and the EMD service center 102. 
In this way, in the present embodiment, in both cases, 
the usage control status data 1 66 is transmitted in real- 
time to the content provider 101. 

[0598] The EMD service center management unit 1 85 
transmits the usage log data 108 read out from the ex- 
ternal memory 201 via the external memory manage- 
ment unit 811 to the EMD service center 102. 
[0599] At this time, the EMD service center manage- 
ment unit 185 produces the signature data SIG 200SAM1 
of the usage log data 108 by using the secret key data 
k sami,s '"the signature processing unit 189 and trans- 
mits the signature data SIG 20 o,sami together with the 
usage log data 108 to the EMD service center 102. 
[0600] The usage log data 1 08 can be transmitted to 
the EMD service center 1 02 in response to for example 
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a request from the EMD service center 102 or periodi- 
cally or can be transmitted when the amount of informa- 
tion of the log information contained in the usage log 
data 108 becomes a predetermined amount or more 
too. The related amount of information is determined in 5 
accordance with for example the storage capacity of the 
external memory 201 . 

[0601] The download memory management unit 1 82 
outputs the content data C read out from the download 
memory 167, content key data Kc read out from the 
stack memory 200, and the user watermark use data 
1 96 input from the charge processing unit 1 87 to the de- 
cryption and/or expansion module management unit 
1 84 in the case where for example a reproduction oper- 
ation of the content is carried out in response to the op- 
eration signal S165 from the purchase form determina- 
tion operation unit 165 shown in Fig. 25. 
[0602] Also, the decryption and/or expansion module 
management unit 184 outputs the content file CF read 
out from the download memory 1 67 and the content key 
data Kc and a half disclosure parameter data 199 read 
out from the stack memory 200 to the decryption and/or 
expansion module management unit 1 84 when a demo 
operation of the content is carried out in response to the 
operation signal S165 from the purchase form determi- 
nation operation unit 165 shown in Fig. 25. 
[0603] Here, the half disclosure parameter data 199 
is described in the usage control policy data 106 and 
indicates the handling of the content in the demo mode. 
In the decryption and/or expansion module 163, it be- 
comes possible to reprod uce the encrypted content data 
C in the half disclosure state based on the half disclo- 
sure parameter data 1 99. As the procedure of the half 
disclosure, there is for example a procedure of desig- 
nating the blocks to be decrypted and the blocks not to 
be decrypted by using the content key data Kc, limiting 
the reproduction function at the demo or limiting a demo 
enable period by the half disclosure parameter data 1 99 
by utilizing the fact that the decryption and/or expansion 
module 163 processes the data (signal) in units of pre- 
determined blocks. 

[0604] Below, an explanation will be made of the flow 
of the processing in the SAM 105-,. 
[0605] First, an explanation will be made of the flow 
of the processing up to when the purchase form of the 
secure container 104 downloaded on the download 
memory 167 from the content provider 101 is deter- 
mined by referring to Fig. 31 . 

[0606] When the operation signal S1 65 indicating the 
demo mode is output to the charge processing unit 1 87 
by the operation of the purchase and/or usage form de- 
termination operation unit 165 shown in Fig. 25 by the 
user, for example, the content file CF stored in the down- 
load memory 1 67 is output via th e decryption and/or ex- 
pansion module management unit 1 84 to the decryption 
and/or expansion module 163 shown in Fig. 25. 
[0607] At this time, for the content file CF, mutual cer- 
tification between the mutual certification unit 170 and 



the media SAM 167a, encryption and/or decryption by 
the session key data K SESt mutual certification between 
the mutual certification unit 170 and the mutual certifi- 
cation unit 220, and encryption and/or decryption by the 
session key data K SES are carried out. 
[0608] The content file CF is decrypted by using the 
session key data K SES at the decryption unit 221 shown 
in Fig. 25, and then output to the decryption unit 222. 
[0609] Also, the content key data Kc and the half dis- 
closure parameter data 199 read out from the stack 
memory 200 are output to the decryption and/or expan- 
sion module 1 63 shown in Fig. 25. At this time, after the 
mutual certification between the mutual certification unit 
170 and the mutual certification unit 220, encryption and 
decryption by the session key data K SES are carried out 
with respect to the content key data Kc and the half dis- 
closure parameter data 199. 

[0610] Next, the decrypted half disclosure parameter 
data 199 is output to the half disclosure processing unit 
225. Under the control of the haif disclosure processing 
unit 225, the decryption of the content data C using the 
content key data Kc by the decryption unit 222 is carried 
out in half disclosure. 

[0611] Next, the content data C decrypted in half dis- 
closure is expanded at the expansion unit 223 and then 
output to the electronic watermark information process- 
ing unit 224. 

[0612] Next, the user watermark use data 196 is bur- 
ied in the content data C in the electronic watermark in- 
formation processing unit 224, and then the content data 
C is reproduced at the reproduction module 169, and 
sound in accordance with the content data C is output. 
[061 3] Then , when the user trying out the content de- 
termines the purchase form by operating the purchase 
and/or usage form determination operation unit 1 65, the 
operation signal S1 65 indicating the related determined 
purchase form is output to the charge processing unit 
187. 

[0614] Then, in the charge processing unit 187, the 
usage log data 108 and the usage control status data 
166 in accordance with the determined purchase form 
are produced, the usage log data 108 is written into the 
external memory 201 via the external memory manage- 
ment unit 81 1 , and, at the same time, the usage control 
status data 1 66 is written into the stack memory 200. 
[0615] Thereafter, in the usage monitor unit 1 86, con- 
trol (monitoring) is carried out so that the content data 
is purchased and used within the range permitted by the 
usage control status data 166. 

[0616] Then, a new key file KF 1 shown in Fig. 34C 
mentioned later is produced, and the related produced 
key file KF 1 is stored in the download memory 167 via 
the download memory management unit 182. 
[0617] As shown in Fig. 34C, the usage control status 
data 166 stored in the key file KF 1 is sequentially en- 
crypted by using the storage key data K STR and the me- 
dia key data K MED by utilizing the CBC mode of the DES. 
[0618] Here, the storage use key data K STR is data 
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determined in accordance with the type of apparatus, 
for example, a SACD (Super Audio Compact Disc), a 
DVD (Digital Versatile Disc) apparatus, CD-R appara- 
tus, and MD (Mini Disc) apparatus and is used for es- 
tablishing one-to-one correspondence between the 5 
types of the apparatuses and the types of the storage 
media. Also, the media key data K MED is data unique to 
the storage medium. 

[0619] Also, in the signature processing unit 189 3 a 
hash value H K1 of the key file KF-, is produced by using 10 
the secret key data K SAM1 s of the SAM 105! , and the 
related produced hash value H K1 is written into the stack 
memory 200 in correspondence to the key file KF-, . The 
hash value H K1 is used for verifying the legitimacy of the 
producer of the key file KF-j and whether or not the key 15 
file KF 1 was tampered with. 

[0620] Next, the flow of the processing where the con- 
tent data C with the purchase form already determined 
therefor stored in the download memory 167 will be ex- 
plained by referring to Fig. 31 . 20 
[0621] In this case, under the monitoring of the usage 
monitor unit 186, based on the operation signal S165, 
the content file CF stored in the download memory 1 67 
is output to the decryption and/or expansion module 1 63 
shown in Fig. 31 . At this time, mutual certification is car- 25 
ried out between the mutual certification unit 1 70 shown 
in Fig. 31 and the mutual certification unit 220 of the de- 
cryption and/or expansion module 1 63 shown in Fig. 25. 
[0622] Also, the content key data Kc read out from the 
stack memory 200 is output to the decryption and/or ex- 30 
pansion module 163. 

[0623] Then, in the decryption unit 222 of the decryp- 
tion and/or expansion module 1 63, the decryption of the 
content file CF using the content key data Kc and the 
expansion processing by an expansion unit 223 are car- 35 
ried out, and in the reproduction module 1 69, the content 
data C is reproduced. 

[0624] At this time, by the charge processing unit 1 87, 
the usage log data 108 stored in the external memory 
201 is updated in accordance with the operation signal 40 
S165. 

[0625] The usage log data 108 is read out from the 
external memory 201 , and then, after passing through 
the mutual certification, transmitted via the EMD service 
center management unit 1 85 together with the signature 45 
data SIG 200 SAM1 to the EMD service center 102. 
[0626] Next, as shown in Fig. 32, the flow of the 
processing in the SAM 1 05., in a case where for exam- 
ple, after the purchase form of the content file CF down- 
loaded on the download memory 1 67 of the network ap- so 
paratus 1 60-, is determined as mentioned above, a new 
secure container 1 04x storing the related contentfile CF 
is produced, and the secure container 104x is trans- 
ferred via the bus 1 91 to the SAM 1 05 2 of the AV appa- 
ratus 1 60 2 will be explained by referring to Fig. 33. 55 
[0627] The user operates the purchase and/or usage 
form determination operation unit 165 and instructs the 
transfer of the predetermined content stored in the 



download memory 167 to the AV apparatus 160 2 , and 
the operation signal S1 65 in accordance with the related 
operation is output to the charge processing unit 187. 
[0628] By this, the charge processing unit 187 up- 
dates the usage log data 108 stored in the external 
memory 201 based on the operation signal S1 65. 
[0629] Also, the charge processing unit 1 87 transmits 
the usage control status data 1 66 indicating the related 
determined purchase form via the EMD service center 
management unit 185 to the EMD service center 102 
whenever the purchase form of the content data is de- 
termined. 

[0630] Also, the download memory management unit 
182 outputs the content file CF and the signature data 
SIG 6 CP thereof shown in Fig. 5A, the key file KF and 
the signature data SIG 7 cp thereof, and the key file KF 1 
and the hash value H K1 thereof read out from the down- 
load memory 1 67 to the SAM management unit 1 90. At 
this time, the mutual certification between the mutual 
certification unit 170 of the SAM 105! and the media 
SAM 167a and the encryption and/or decryption by the 
session key data K SES are carried out. 
[0631 ] Also, the signature processing unit 1 89 obtains 
the hash value of the content file CF, produces signature 
data SIG 41 SAM1 by using the secret key data K SAM1 s , 
and outputs this to the SAM management unit 1 90. 
[0632] Also, the signature processing unit 1 89 obtains 
the hash value of the key file KF 1t produces signature 
data SIG 42 SAM1 by using the secret key data K SAM1 s , 
and outputs this to the SAM management unit 1 90. 
[0633] Also, the SAM management unit 1 90 reads out 
the certificate data CER CP and the signature data 
sig i,esc thereof and the certificate data CER SAM1 and 
the signature data SIG 22ESC thereof shown in Fig. 34D 
from the storage unit 192. 

[0634] Also, the mutual certification unit 170 outputs 
the session key data K SES obtained by performing the 
mutual certification with the SAM 1 05 2 to the encryption 
and/or decryption unit 1 71 . 

[0635] The SAM management unit 190 produces a 
new secure container 104x comprised of the data shown 
in Figs. 34A, 34B, 34C, and 34D, encrypts the secure 
container 104x in the encryption and/or decryption unit 
171 by using the session key data K SES , and then out- 
puts the same to the SAM 1 05 2 of the AV apparatus 1 60 2 
shown in Fig. 32. 

[0636] At this time, in parallel to the mutual certifica- 
tion between the SAM 1 05., and the SAM 1 05 2 , mutual 
certification of the bus 191 serving as the IEEE1 394 se- 
rial bus is carried out. 

[0637] Below, as shown in Fig. 32, the flow of the 
processing in the SAM 105 2 when writing the secure 
container 1 04x input from the SAM 1 05., into the storage 
medium 130 4 of a RAM type or the like will be explained 
by referring to Fig. 35. 

[0638] Here, the RAM type storage medium 130 4 has 
for example an unsecure RAM region 1 34, a media SAM 
133, and a secure RAM region 132. 



58 

BNSDOCID: <EP 1132828A1 J_> 



115 



EP1 132 828 A1 



116 



[0639] In this case, the SAM management unit 190 of 
the SAM 105 2 receives as input the secure container 
1 04x from the SAM 1 05 1 of the network apparatus 1 60 1 
as shown in Fig. 32 and Fig. 35. 
[0640] Then, in the encryption and/or decryption unit 
1 71 , the secure container 1 04x input via the SAM man- 
agement unit 190 is decrypted by using the session key 
data K SES obtained by the mutual certification between 
the mutual certification unit 170 and the mutual certifi- 
cation unit 170 of the SAM 105 v 
[0641] Next, in the signature processing unit 189, the 
legitimacy of the signature data SIG 6 CP is verified by 
using the public key data Kcpp, and the legitimacy of 
the producer of the content file CF is confirmed. Also, in 
the signature processing unit 189, the legitimacy of the 
signature data SIG 41 SAM1 is verified by using the public 
key data K SAM1 p , and the legitimacy of the transmitter 
of the content file CF is confirmed. 
[0642] Then, after it is confirmed that the producer 
and the transmitter of the content file CF are legitimate, 
the content file C F is output from the SAM management 
unit 1 90 to a storage module management unit 855, and 
the content file CF is written into the RAM region 1 34 of 
the RAM type storage medium 130 4 shown in Fig. 32. 
[0643] Also, the key file KF and the signature data 
SIG 7 CP and SIG^ SAM1 thereof, the key file KF 1 and the 
hash value K K1 thereof, the certificate data CER CP and 
the signature data SIG 1 ESC thereof, and the certificate 
data CER SAM1 and the signature data SIG^esc thereof 
decrypted by using the session key data K SES are writ- 
ten into the stack memory 200. 

[0644] Next, the signature processing unit 1 89 verifies 
the signature data SIG^.esc rea d out from the stack 
memory 200 by using the public key data K ESC P read 
out from the storage unit 1 92 and confirms the legitima- 
cy of the certificate data CER SAM1 . 
[0645] Then, the signature processing unit 189 veri- 
fies the legitimacy of the signature data SIG 42 ,sami 
stored in the stack memory 200 by using the public key 
data K SAM1 P stored in the certificate data CER SAM1 
when confirming the legitimacy of the certificate data 
CER SAM1 . Then, when it is verified that the signature 
data SIG 42 SAM1 is legitimate, the legitimacy of the key 
file KF is confirmed. 

[0646] Also, the signature processing unit 1 89 verifies 
the signature data SIG 1 ESC read out from the stack 
memory 200 by using the public key data K ESC P read 
out from the storage unit 1 92 and confirms the legitima- 
cy of the certificate data CERcp. 

[0647] Then, the signature processing unit 1 89 veri- 
fies the legitimacy of the signature data SIG 7SAM1 
stored in the stack memory 200 by using the public key 
data Kcpp stored in the certificate data CER CP when 
confirming the legitimacy of the certificate data CER CP . 
Then, when rt is verified that the signature data 
SIG 7 SAM1 is legitimate, the legitimacy of the producer 
of the key file KF is confirmed. 

[0648] When it is confirmed that the producer and the 



transmitter of the key file KF are legitimate, the key file 
KF is read out from the stack memory 200 and written 
into the secure RAM region 1 32 of the RAM type storage 
medium 130 4 shown in Fig. 34 via the storage module 

5 management unit 855. 

[0649] Also, the signature processing unit 1 89 verifies 
the legitimacy of the hash value H K1 by using the public 
key data K SAM1 P and confirms the legitimacy of the pro- 
ducer and transmitter of the key file KF 1 . 

10 [0650] Then, when the legitimacy of the producer and 
the transmitter of the key file KF 1 is confirmed, the key 
file KF 1 shown in Fig. 34C is read out from the stack 
memory 200 and output to the encryption and/or decryp- 
tion unit 173. 

*5 [0651] Note that, in the related example, the case 
where the producer and the transmitter of the key file 
KF 1 were the same was mentioned, but where the pro- 
ducer and the transmitter of the key file KF 1 are different, 
the signature data of the producer and the signature da- 
20 ta of the transmitter are produced with respect to the key 
file KF 1} and the legitimacy of the both signature data is 
verified in the signature processing unit 189. 
[0652] Then, the encryption and/or decryption unit 
173 encrypts the content key data Kc and the usage 
25 control status data 166 in the key file KF 1 by sequentially 
using the storage use key data K STR: media key data 
K MED , and the purchaser key data K P)N read out from 
the storage unit 1 92 and outputs the same to the storage 
module management unit 855. 
30 [0653] Then, by the storage module management unit 
855, the encrypted key file KF 1 is stored in the secure 
RAM region 132 of the RAM type storage medium 130 4 . 
[0654] Note that, the media key data K MED is stored 
in the storage unit 192 in advance by the mutual certifi- 
es cation between the mutual certification unit 1 70 shown 
in Fig. 33 and the media SAM 1 33 of the RAM type stor- 
age medium 130 4 shown in Fig. 32. 
[0655] Here, the storage use key data K STR is data 
determined in accordance with the type of apparatus 
40 (AV apparatus 1 60 2 in the related example) of for exam- 
ple the SACD (Super Audio Compact Disc), DVD (Dig- 
ital Versatile Disc) apparatus : CD-R apparatus, and MD 
(Mini Disc) apparatus and is used for establishing one- 
to-one correspondence between the types of the appa- 
45 ratuses and the types of the storage media. Note that, 
the physical structures of the disc media are the same 
between SACD and DVD, so there is a case where the 
recording and/or reproduction of the storage medium of 
an SACD can be carried out by using a DVD apparatus. 
so The storage use key data K STR performs the function of 
preventing illegitimate copies in such a case. 
[0656] Note that, in the present embodiment, it is also 
possible not to encrypt using the storage use key data 

K STR* 

55 [0657] Also } the media key data K MED is data unique 
to the storage medium (RAM type storage medium 1 30 4 
in the related example). 

[0658] The media key data K MED is stored in the stor- 
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age medium (RAM type storage medium 130 4 shown in 
Fig. 32 in the related example). It is preferred from the 
viewpoint of the security that encryption and the decryp- 
tion using the media key data K MED be carried out in the 
media SAM of the storage medium. At this time, the me- 
dia key data K MED is stored in the related media SAM 
where the media SAM is mounted in the storage medi- 
um, while is stored in for example a region out of man- 
agement of the host CPU 810 in the RAM region where 
the media SAM is not mounted in the storage medium. 
[0659] Note that, it is also possible to perform the mu- 
tual certification between the apparatus side SAM (SAM 
1 05 2 in the related example) and the media SAM (media 
SAM 133 in the related example), transfer the media key 
data K MED via the secure communication route to the 
apparatus side SAM, and perform the encryption and 
decryption using the media key data K MED in the appa- 
ratus side SAM as in the present embodiment. 
[0660] In the present embodiment, the storage use 
key data K STR and the media key data K MED are used 
for protecting the security of the level of the physical lay- 
er of the storage medium. 

[0661] Also, the purchaser key data K P(N is data indi- 
cating the purchaser of the content file CF and is allo- 
cated by the EMD service center 1 02 to the related pur- 
chased user when for example the content is purchased 
by outright purchase. The purchaser key data K P)N is 
managed in the EMD service center 102. 
[0662] Also, in the above embodiment, the case 
where the key files KF and KF 1 were stored in the secure 
RAM region 132 of the RAM type storage medium 130 4 
by using the storage module 260 was exemplified, but 
as indicated by a dotted line in Fig. 32, it is also possible 
to store the key files KF and KF 1 in the media SAM 1 33 
from the SAM 105 2 . 

[0663] Next, the flow of the processing when deter- 
mining the purchase form in the AV apparatus 160 2 
where the user home network 303 is distributed the 
ROM type storage medium 130 1 shown in Fig. 12 with 
the purchase form of the content undetermined therefor 
off-line will be explained by referring to Fig. 36 and Fig. 
37. 

[0664] The SAM 105 2 of the AV apparatus 1 60 2 first 
performs the mutual certification between the mutual 
certification unit 170 shown in Fig. 37 and the media 
SAM 1 33 of the ROM type storage medium 1 30 1 shown 
in Fig. 12, and then receives as input the media key data 
K MED from the media SAM 133. 

[0665] Note that, where the SAM 1 05 2 holds the me- 
dia key data K MED in advance, it is also possible if the 
related input is not carried out. 

[0666] Next, the key file KF and the signature data 
SIG 7,cp thereof and the certificate data CER CP and the 
signature data SIG 1 Esc thereof shown in Figs. 5B and 
5C stored in the secure container 1 04 stored in the se- 
cure RAM region 132 of the ROM type storage medium 
1 30 1 are input via the media SAM management unit 1 97 
or not illustrated read out module management unit and 



are written into the stack memory 200. 
[0667] Next, in the signature processing unit 189, af- 
ter the legitimacy of the signature data SIG 1ESC is con- 
firmed, the public key data K CPP is extracted from the 
5 certificate data CER CP , and by using this public key data 
K CPP , the legitimacy of the signature data SIG 7 CP: that 
is, the legitimacy of the transmitter of the key file KF is 
verified. 

[0668] Also, in the signature processing unit 189, by 
*o using the public key data K ESC P read out from the stor- 
age unit 192, the legitimacy of the signature data 
S,G K1 ,esc stored in the key file KF, that is, the legitimacy 
of the producer of the key file KF, is verified. 
[0669] When the legitimacy of the signature data 
15 s,g 7,cp ancI sig ki,esc is confirmed in the signature 
processing unit 189,' the key file KF is read out from the 
stack memory 200 to the secure container decryption 
unit 183. 

[0670] Next, in the secure container decryption unit 

20 1 83, by using the distribution use data KD^ to KD 3 of the 
corresponding period, the content key data Kc, usage 
control policy data 1 06, and the SAM program download 
containers SDC 1 to SDC 3 stored in the key file KF are 
decrypted and are written into the stack memory 200. 

25 [0671] Next, afterthe mutual certification between the 
mutual certification unit 170 shown in Fig. 37 and the 
decryption and/or expansion module 163 shown in Fig. 
36, the decryption and/or expansion module manage- 
ment unit 1 84 of the SAM 1 05 2 outputs the content key 

30 data Kc stored in the stack memory 200 and the half 
disclosure parameter data 1 99 stored in the usage con- 
trol policy data 1 06 and the content data C stored in the 
content file CF read out from the ROM region 1 31 of the 
ROM type storage medium 130 1 to the decryption and/ 

35 or expansion module 1 63 shown in Fig. 36. Next, in the 
decryption and/or expansion module 163, the content 
data C is decrypted in the half disclosure mode by using 
the content key data Kc and then expanded and output 
to a reproduction module 270. Then, in the reproduction 

40 module 270, the content data C from the decryption and/ 
or expansion module 163 is reproduced. 
[0672] Next, the purchase form of the content is de- 
termined by the purchase operation of the purchase 
form determination operation unit 165 shown in Fig. 36 

4 5 by the user, and the operation signal S1 65 indicating the 
related determined purchase form is input to the charge 
processing unit 187. 

[0673] Next, the charge processing unit 1 87 produces 
the usage control status data 1 66 in response to the op- 
50 eration signal S165 and writes this into the stack mem- 
ory 200. 

[0674] Next, the content key data Kc and the usage 
control status data 1 66 are output from the stack mem- 
ory 200 to the encryption and/or decryption unit 173. 
5 5 [0675] Next, the encryption and/or decryption unit 1 73 
sequentially encrypts the content key data Kc and the 
usage control status data 1 66 input from the stack mem- 
ory 200 by using the storage use key data K STR , the me- 
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dia key data K MED , and the purchaser key data K P)N read 
out from the storage unit 192 and writes them into the 
stack memory 200. 

[0676] Next, in the media SAM management unit 1 97, 
the key file KF, shown in Fig. 34C is produced by using 
the encrypted content key data Kc, the usage control 
status data 1 66 and the SAM program download con- 
tainers SDC 1 to SDC 3 read out from the stack memory 
200. 

[0677] Also, in the signature processing unit 1 89, the 
hash value H K1 of the key file KF-, shown in Fig. Figure 
C is produced, and the related hash value H K1 is output 
to the media SAM management unit 197. 
[0678] Next, after the mutual certification between the 
mutual certification unit 170 shown in Fig. 37 and the 
media SAM 133 shown in Fig. 36, the media SAM man- 
agement unit 197 writes the key file KF-, and the hash 
value H K1 into the secure RAM region 132 of the ROM 
type storage medium 130 1 via a storage module 271 
shown in Fig. 36. 

[0679] By this, the ROM type storage medium 130 t 
with the purchase form determined therefor is obtained. 
[0680] At this time, the usage control status data 1 66 
and the usage log data 108 produced by the charge 
processing unit 1 87 are read out from the stack memory 
200 and the external memory 201 at the predetermined 
timing and transmitted to the EMD service center 102. 
[0681 ] Note that, where the key file KF is stored in the 
media SAM 1 33 of the ROM type storage medium 1 30 1 , 
as indicated by the dotted line in Fig. 36, the SAM 105 2 
receives as input the key file KF from the media SAM 
133, Also, in this case, the SAM 105 2 writes the pro- 
duced key file KF 1 into the media SAM 133. 
[0682] Below, as shown in Fig. 38, the flow of the 
processing when the secure container 104 is read out 
from the ROM type storage medium 130., with the pur- 
chase form undetermined therefor in the AV apparatus 
160 3 to produce a new secure container 104y, this is 
transferred to the AV apparatus 1 60 2 , the purchase form 
is determined in the AV apparatus 1 60 2 , and this is writ- 
ten into a RAM type storage medium 130 5 will be ex- 
plained by referring to Fig. 39 and Fig. 40. 
[0683] Note that, the transfer of the secure container 
104 from the ROM type storage medium 130-, to the 
RAM type storage medium 130 5 can be carried out be- 
tween the network apparatus 160 1 shown in Fig. 1 and 
any of the AV apparatuses 1 60 1 to 1 60 4 shown in Fig. 1 . 
[0684] First, mutual certification is carried out be- 
tween the SAM 1 05 3 of the AV apparatus 1 60 3 and the 
media SAM 133 of the ROM type storage medium 1 30^ 
and media key data K MED1 of the ROM type storage me- 
dium 130! is transferred to the SAM 105 3 . 
[0685] Also, mutual certification is carried out be- 
tween the SAM 1 05 2 of the AV apparatus 1 60 2 and the 
media SAM 1 33 of the RAM type storage medium 1 30 5t 
and media key data K MED2 of the RAM type storage me- 
dium 1 30 5 is transferred to the SAM 1 062- 
[0686] Note that, where encryption using the media 



key data K MED1 and K MED2 is carried out in the media 
SAM 133 and the media SAM 133, the transfer of the 
media key data Kmedi and K MED2 is not carried out. 
[0687] Next, the SAM 1 05 3 outputs the content file CF 

5 and the signature data SIG 6 CP thereof shown in Fig. 5A 
read out from the ROM region 1 31 of the ROM type stor- 
age medium 130 1( the key file KF and the signature data 
SIG 7 CP thereof shown in Figs. 5B and 5C read out from 
the secure RAM region 132, and the certificate data 

10 CER CP and the signature data SIG«, ESC thereof to the 
encryption and/or decryption unit 171 via the media 
SAM management unit 197 or not illustrated read out 
module management unit as shown in Fig. 39. 
[0688] Also, the content f ile CF and the key file KF are 

*5 output from the media SAM management unit 1 97 to the 
signature processing unit 189. 

[0689] Then, in the signature processing unit 1 89, the 
hash values of the content file CF and the key file KF 
are obtained, signature data SIG 350SAM3 anc ' 
20 SIG3 5 2sam3 are produced by using secret key data 
K SAM3 s , and they are output to the encryption and/or 
decryption unit 171 . 

[0690] Also, the certificate data CER SAM3 and the sig- 
nature data SIG 351 ESC thereof are read out from the 
25 storage unit 1 92 and output to the encryption and/or de- 
cryption unit 171. 

[0691] Then, the secure container 104y shown in Fig. 
40 is encrypted by using the session key data K SES ob- 
tained by mutual certification between the SAM 105 3 

30 and 105 2 in the encryption and/or decryption unit 171 
and then output via the SAM management unit 190 to 
the SAM 1 05 2 of the AV apparatus 1 60 1 . 
[0692] In the SAM 1 05 2 , as shown in Fig. 41 , the se- 
cure container 104y shown in Fig. 40inputfrom the SAM 

35 105 3 via the SAM management unit 1 90 is decrypted in 
the encryption and/or decryption unit 171 by using the 
session key data K SES , and then the legitimacy of the 
signature data SIG 6CP and SIG 350 SAM3 stored in the 
secure container 1 04y, that is, the legitimacy of the pro- 

40 ducer and the transmitter of the content file CF is con- 
firmed. 

[0693] Then, after it is confirmed that the producer 
and the transmitter of the content file CF are legitimate, 
the content file CF is written into the RAM region 1 34 of 
45 the RAM type storage medium 1 30 5 via the media SAM 
management unit 197. 

[0694] Also, after the key file KF and the signature da- 
ta SIG 7 CP and SIG 350 SAM3 thereof and certificate data 
CER SAM3 and the signature data SIG^-j Esc thereof in- 
50 put from the SAM 105 3 via the SAM management unit 
190 are written into the stack memory 200, they are de- 
crypted in the encryption and/or decryption unit 171 by 
using the session key data K SES . 

[0695] Next, the related decrypted signature data 
55 SIG 351 ESC is verified in the signature processing unit 
189. When the legitimacy of the certificate data 
CER SAM3 is confirmed, by using the public key data 
K SAM3 stored in the certificate data CER SAM3 , the legit- 
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imacy of the signature data SIG 7 CP and SIG 352 SAM3 , 
that is, the legitimacy of the producer and the transmitter 
of the key file KF is confirmed. 

[0696] Then, when the legitimacy of the producer and 
the transmitter of the key file KF is confirmed, the key 
file KF is read out from the stack memory 200 and output 
to the secure container decryption unit 1 83. 
[0697] Next, the secure container decryption un it 1 83 
decrypts the key file KF by using the distribution use da- 
ta KD 1 to KD 3 of the corresponding period and writes 
the related decrypted key file KF into the stack memory 
200. 

[0698] Next, the usage control policy data 1 06 stored 
in the already decrypted key file KF stored in the stack 
memory 200 is output to the usage monitor unit 1 86. The 
usage monitor unit 1 86 manages the purchase form and 
usage form of the content based on the usage control 
policy data 1 06. 

[0699] Next, for example, when the demo mode is se- 
lected by the user, the content data C of the content file 
CF already decrypted by the session key data K SES , the 
content key data Kc stored in the stack memory 200, the 
half disclosure parameter data 199 obtained from the 
usage control policy data 106, and the user watermark 
use data 1 96 are output via the decryption and/or ex- 
pansion module management unit 1 84 shown in Fig. 38 
to the reproduction module 270 after passing through 
mutual certification. Then, in the reproduction module 
270, the reproduction of the content data C correspond- 
ing to the demo mode is carried out. 
[0700] Next, the purchase and/or usage form of the 
content is determined by the operation of the purchase 
and/or usage form determination operation unit 165 
shown in Fig. 38 by the user, and the operation signal 
S165 in accordance with the related determination is 
output to the charge processing unit 187. 
[0701] Then, in the charge processing unit 187, the 
usage control status data 166 and the usage log data 
108 are produced in accordance with the determined 
purchase and/or usage form and are written into the 
stack memory 200 and the external memory 201 . 
[0702] Next, the content key data Kc and the usage 
control status data 1 66 are read out from the stack mem- 
ory 200 to the encryption and/or decryption unit 1 73, se- 
quentially encrypted in the encryption and/or decryption 
unit 1 73 by using the storage use key data K STR , media 
key data K MED2 , and the purchaser key data K PIN read 
out from the storage unit 1 92, and output to the storage 
module management unit 855. Then, for example, in the 
storage module management unit 855, the key file KF t 
shown in Fig. 34C is produced, and the key file KF-, is 
written into the media SAM 1 33 of the RAM type storage 
medium 1 30 5 via the media SAM management unit 1 97. 
[0703] Also, the content file CF stored in the secure 
container 1 04y is written into the RAM region 1 34 of the 
RAM type storage medium 1 305 by the storage module 
management unit 855. 

[0704] Also, the usage control status data 1 66 and the 



usage log data 108 are transmitted to the EMD service 
center 1 02 at the predetermined timing. 
[0705] Below, an explanation will be made of the 
method of realization of the SAMsJ05 1 to 105 4 . 

s [0706] Where the functions of the SAMs 1 05 1 to 1 05 4 
are realized as hardware, by using an ASIC type CPU 
including a memory, data having a high degree of se- 
crecy such as a security functional module for realizing 
the functions shown in Fig. 26, program module for per- 

10 forming the rights clearing of the content, and the key 
data are stored in that memory. One series of rights 
clearing use program modules such as an encryption 
library module (public key code, common key code, ran- 
dom number generator, hash function), program module 

*s for the usage control of the content, and the program 
module of the charge processing are mounted as for ex- 
ample software. 

[0707] For example, a module such as the encryption 
and/or decryption unit 171 shown in Fig. 26 is mounted 

20 as an I P core in the ASIC type CPU as hardware due to 
the problem of for example processing speed. Depend- 
ing on the clock speed or performance of the CPU code 
system etc., it is also possible to mount the encryption 
and/or decryption unit 171 as software. 

25 [0708] Also, as the storage unit 192 shown in Fig. 26, 
the program module for realizing the functions shown in 
Fig. 26, and the memory for storing the data, use is 
made of for example a nonvolatile memory (flash-ROM), 
while as the working memory, a high speed writable 

30 memory such as an SRAM is used. Note that otherthan 
them, as the memory included in the SAMs 1 05., to 1 05 4f 
it is also possible to use a ferroelectric memory (FeR- 
AM). 

[0709] Also, in the SAMs 1 05 1 to 1 05 4 , other than the 

35 above, a clock function used for the verification of the 
date in the expiration date and the contract period etc. 
for the usage of the content is included. 
[0710] As mentioned above, the SAMs 105-, to 105 4 
have tamper resistance sheltering the program module, 

40 data, and the processing content from the outside. In 
order to prevent the program and content of data having 
high secrecy stored in the memory inside the IC of the 
related SAM and values of the register group related to 
the system configuration of the SAM and the encryption 

45 library and the register group of the clock from being 
read out and newly written via the bus of the host CPU 
of the apparatuses with the SAMs 105 1 to 105 4 mounted 
thereon, that is, in order to prevent the host CPU of the 
mounted apparatus from not existing in the allocated ad- 

50 dress space, an address space not seen from the host 
CPU on the mounted apparatus side is set up in the re- 
lated SAM by using an MMU (memory management 
unit) for managing the memory space on the CPU side. 
[0711] Also, the SAMs 105 1 to 105 4 have structures 

55 durable against physical attack from the outside such 
as X-rays or heat and further have structures such that, 
even if real-time debugging (reverse engineering) using 
a debug use tool (hardware ICE or software ICE) or the 
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like is carried out, the processing content thereof cannot 
be seen or the debug use tool per se cannot be used 
after the manufacture of the IC. 

[0712] The SAMs 105 1 to 105 4 perse are usual ASIC 
type CPUs including memories in the hardware struc- 
ture. Their functions depend on the software for operat- 
ing the related CPU, but are different from the general 
ASIC type CPU in the point that they have a hardware 
structure of the encryption function and tamper resist- 
ance. 

[0713] Where all of the functions of the SAMs 105 1 to 
105 4 are realized by software, there are cases where 
the software processing is carried out by enclosing the 
same inside a module having the tamper resistance and 
cases where they are achieved by software processing 
on the host CPU mounted on the usual set and steps 
are taken so that decipherment becomes impossible at 
only the related processing. The former is the same as 
the case where an encryption library module is stored 
in the memory as not the IP core, but the usual software 
module, and can be considered similar to the case 
where the functions are realized as the hardware. On 
the other hand, the latter is referred to as tamper resist- 
ant software. Even if the execution situation is deci- 
phered by the ICE (debugger), the execution sequence 
of the tasks is scattered (in this case, tasks are divided 
so that the a divided task has a meaning as a program, 
that is, no influence will be exerted upon the lines before 
and after that), and the tasks per se are encrypted, so 
one type of secure processing can be realized similar to 
a task scheduler (MiniOS). The related task scheduler 
is buried in the target program. 

[0714] Next, an explanation will be made of the de- 
cryption and/or expansion module 1 63 shown in Fig. 25. 
[0715] As shown in Fig. 25, the decryption and/or ex- 
pansion module 163 has the mutual certification unit 
220, decryption unit 221, decryption unit 222, expansion 
unit 223, electronic watermark information processing 
unit 224, and the half disclosure processing unit 225. 
[0716] The mutual certification unit 220 performs the 
mutual certification with the mutual certification unit 1 70 
shown in Fig. 32 when the decryption and/or expansion 
module 1 63 receives as its input the data from the SAM 
105 1 and produces the session key data K SES . 
[0717] The decryption unit 221 decrypts the content 
key data Kc, half disclosure parameter data 199, user 
watermark use data 196, and the content data C input 
from the SAM 1 05 1 by using the session key data K SES . 
Then, the decryption unit 221 outputs the decrypted 
content key data Kc and the content data C to the de- 
cryption unit 222, outputs the decrypted user watermark 
use data 1 96 to the electronic watermark information 
processing unit 224, and outputs the half disclosure pa- 
rameter data 199 to the half disclosure processing unit 
225. 

[0718] The decryption unit 222 decrypts the content 
data C in the half disclosure mode by using the content 
key data Kc under the control from the half disclosure 



processing unit 225 and outputs the decrypted content 
data C to the expansion unit 223. 
[0719] The expansion unit 223 expands the decrypted 
content data C and outputs the same to the electronic 

5 watermark information processing unit 224. 

[0720] The expansion unit 223 performs the expan- 
sion processing by using the A/V expansion use soft- 
ware stored in the content file CF shown in Fig. 5A and 
performs the expansion processing by for example the 

10 ATRAC3 method. 

[0721 ] The electronic watermark information process- 
ing unit 224 buries the user watermark in accordance 
with decrypted user watermark use data 1 96 in the de- 
crypted content data C and produces new content data 

is C. The electronic watermark information processing unit 
224 outputs the related new content data C to the repro- 
duction module 169. 

[0722] In this way, the user watermark is buried at the 
decryption and/or expansion module 1 63 when repro- 
ve ducing the content data C. 

[0723] Note that, in the present invention, it is also 
possible if the user watermark use data 1 96 is not buried 
in the content data C. 

[0724] The half disclosure processing unit 225 in- 
25 structs the blocks not to be decrypted and the blocks to 
be decrypted in for example the content data C to the 
decryption unit 222 based on the half disclosure param- 
eter data 1 99. 

[0725] Also, the half disclosure processing unit 225 
30 performs the control such as limiting the reproduction 
function at the time of a demo or the demo period based 
on the half disclosure parameter data 1 99. 
[0726] The reproduction module 1 69 performs the re- 
production in accordance with the decrypted and ex- 
35 panded content data C, 

[0727] Next, an explanation will be made of the data 
format when transmitting and receiving data with the sig- 
nature data produced by using the secret key data at- 
tached thereto and the certificate data among the con- 
40 tent provider 1 01 , EMD service center 1 02, and the user 
home network 103. 

[0728] Figure 42 A is a view for explaining the data for- 
mat where the data Data is transmitted from the content 
provider 1 01 to the SAM 105 1 by the in-band method. 
45 [0729] In this case, a module Mod 50 encrypted by the 
session key data K SES obtained by the mutual certifica- 
tion between the content provider 101 and the SAM 
105 1 is transmitted from the content provider 1 01 to the 
SAM 105 1 

50 [0730] In the module Mod 50 , a module Mod 51 and the 
signature data SIG CP by the secret key data Kq P s there- 
of are stored. 

[0731 ] In the module Mod 31 , the certificate data CER- 
op storing the secret key data Kcpp of the content pro- 
55 vider 101 , the signature data SIG ESC based on the se- 
cret key data K ESC s with respect to the certificate data 
CER CP , and the data Data to be transmitted are stored. 
[0732] In this way, by transmitting the module Mod 50 
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storing the certificate data CER CP from the content pro- 
vider 1 01 to the SAM 1 05 1 , when verifying the signature 
data SIG CP at the SAM 105 1f it becomes unnecessary 
to transmit the certificate data CER CP from the EMD 
service center 1 02 to the SAM 1 05 v 
[0733] Figures 42B and 42C are views for explaining 
the data format where the data Data is transmitted from 
the content provider 1 01 to the SAM 1 05 1 by the out-of- 
band method. 

[0734] In this case, a module Mod 52 shown in Fig. 42B 
encrypted by the session key data K SES obtained by the 
mutual certification between the content provider 101 
and the SAM 1 05 1 is transmitted from the content pro- 
vider 101 to the SAM 105 v 

[0735] In the module Mod 52 , the data Data to be trans- 
mitted and the signature data SIG CP by the secret key 
data Kcps thereof are stored. 

[0736] Further, a module Mod 53 shown in Fig. 42C en- 
crypted by the session key data K SES obtained by the 
mutual certification between the EMD service center 
102 and the SAM 105! is transmitted from the EMD 
service center 1 02 to the SAM 1 05 v 
[0737] !n the module Mod 53 , the certificate data CER- 
CP of the content provider 101 and the signature data 
s ig esc b y tne secret key data K ESC s thereof are stored . 
[0738] Figure 42D is a view for explaining the data for- 
mat of the case where the data Data is transmitted from 
the SAM 1 05., to the content provider 1 01 by the in-band 
method. 

[0739] In this case, a module Mod^ encrypted by the 
session key data K SES obtained by the mutual certifica- 
tion between the content provider 101 and the SAM 
105., is transmitted from the SAM 105-, to the content 
provider 101 . 

[0740] In the module Mod^, a module Mod 55 and the 
signature data SIG SAM1 by the secret key data K SAM1 s 
thereof are stored. 

[0741] In the module Mod 55 , the certificate data 
cer sami storing the secret key data K SAM1 P of the 
SAM 1 05., , the signature data SIG ESC by the secret key 
data K ESCS with respect to the certificate data 
cer sami> and tne data Data to be transmitted are 
stored. 

[0742] In this way, by transmitting the module Mod 55 
storing the certificate data CER SAM1 from the SAM 1 05! 
to the content provider 101, when verifying the signature 
data SIG SAM1 in the content provider 101, it becomes 
unnecessary to transmit the certificate data CER SAM1 
from the EMD service center 1 02 to the content provider 
101. 

[0743] Figures 42E and 42F are views for explaining 
the data format where the data Data is transmitted from 
the SAM 1 05^ to the content provider 1 01 by the out-of- 
band method. 

[0744] In this case, a module Mod 56 shown in Fig.42E 
encrypted by the session key data K SES obtained by the 
mutual certification between the content provider 101 
and the SAM 1 05! is transmitted from the SAM 1 05! to 



the content provider 101 . 

[0745] In the module Mod 56 , the data Data to be trans- 
mitted and the signature data SIG SAM1 by the secret key 
data K SAM1 s thereof are stored. 

5 [0746] Also, from the EMD service center 102 to the 
content provider 1 01 , a module Mod 57 shown in Fig. 42F 
encrypted by session key data K SES obtained by the mu- 
tual certification between the EMD service center 102 
and the content provider 101 is transmitted. 

10 [0747] In the module Mod 57 , the certificate data 
cer sami of tne SAM 105 i and the signature data Sl- 
g esc b y tne secret key data K ESC s thereof are stored. 
[0748] Figure 43G is a view for explaining the data for- 
mat where the data Data is transmitted from the content 

15 provider 101 to the EMD service center 1 02 by the in- 
band method. 

[0749] In this case, a module Mod 58 encrypted by the 
session key data K SES obtained by the mutual certifica- 
tion between the content provider 101 and the EMD 
20 service center 1 02 is transmitted from the content pro- 
vider 101 to the EMD service center 102. 
[0750] In the module Mod 58( a module Mod 59 and the 
signature data SIG CP by the secret key data ^q P S there- 
of are stored. 

25 [0751] In the module Mod 59 , the certificate data CER- 
CP storing the secret key data Kcpp of the content pro- 
vider 101 , the signature data SIG ESC by the secret key 
data K ESC s with respect to the certificate data CER CP , 
and the data Data to be transmitted are stored. 

30 [0752] Figure 43H is a view for explaining the data for- 
mat of the case where the data Data is transmitted from 
the content provider 1 01 to the EMD service center 1 02 
by the out-of-band method. 

[0753] In this case, from the content provider 101 to 
35 the EMD service center 1 02, a module Mod 60 shown in 
Fig. 43H encrypted by the session key data K SES ob- 
tained by the mutual certification between the content 
provider 101 and the EMD service center 102 is trans- 
mitted. 

40 [0754] In the moduleMod 60 , the data Data to be trans- 
mitted and the signature data SIG CP by the secret key 
data K CPS thereof are stored. 

[0755] At this time, the certificate data CER CP of the 
content provider 1 01 has been already registered in the 
^5 EMD service center 1 02. 

[0756] Figure 43I is a view for explaining the data for- 
mat where the data Data is transmitted from the SAM 
105! to tne EMD service center 102 by the in-band 
method. 

50 [0757] In this case, a module Mod 61 encrypted by the 
session key data K SES obtained by the mutual certifica- 
tion between the EMD service center 102 and the SAM 
105! is transmitted from the SAM 105! to the EMD serv- 
ice center 1 02. 

55 [0758] In the module Mod 61 , a module Mod 62 and the 
signature data SIG SAM1 by the secret key data K SAM1 s 
thereof are stored. 

[0759] In the module Mod 62 , the certificate data 
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CER SAM1 storing the secret key data K SAM1 P of the 
SAM 1 05 1 , the signature data SIG ESC by the secret key 
data K ESCS with respect to the certificate data 
CER SAM1 , and the data Data to be transmitted are 
stored. 

[0760] Figure 43 J is a view for explaining the data for- 
mat where the data Data is transmitted from the SAM 
1 05 1 to the EMD service center 1 02 by the out-of-band 
method. 

[0761] In this case, a module Mod^ shown in Fig, 43J 
encrypted by the session key data K SES obtained by the 
mutual certification between the EMD service center 
102 and the SAM 105 1 is transmitted from the SAM 105! 
to the EMD service center 1 02. 

[0762] In the module Mod^, the data Data to be trans- 
mitted and the signature data SIG SAM1 by the secret key 
data K SAM1 s thereof are stored. 

[0763] At this time, in the EMD service center 1 02, the 
certificate data CER SAM1 of the SAM 1 05 1 has been al- 
ready registered. 

[0764] Below, an explanation will be made of the reg- 
istration processing in the EMD service center 102 at 
the time of shipment of the SAMs 1 05-, to 1 05 4 . 
[0765] Note that, the registration processings of the 
SAMs 105.| to 105 4 are the same, so the registration 
processing of the SAM 105-, will be mentioned below. 
[0766] At the time of shipment of the SAM 105 1( by 
the key server 141 of the EMD service center 102 shown 
in Fig. 24, the key data shown below is initially registered 
in the storage unit 1 92 shown in Fig. 26 etc. via the SAM 
management unit 149. 

[0767] Further, in the SAM 105.,, for example, at the 
time of shipment, the program etc. used when accessing 
the EMD service center 102 by the SAM 105! the first 
time are stored in the storage unit 192 etc. 
[0768] Namely, in the storage unit 192, for example, 
the identifier SAMJD of the SAM 105 t given an "*" at 
the left side in Fig. 30, storage use key data K STR) public 
key data K R _ CA of the route certificate authority 2, public 
key data K ESC P of the EMD service center 102, secret 
key data K SAM1 s of the SAM 105 1 , certificate data 
CER SAM1 and the signature data SIGgg ESC thereof, and 
the original key data for creating the certification use key 
data between the decryption and/or expansion module 
163 and the media SAM are stored by the initial regis- 
tration. 

[0769] Note that, it is also possible to transmit the cer- 
tificate data CER SAM1 from the EMD service center 1 02 
to the SAM 105! when registering the same after the 
time of shipment of the SAM 105 v 
[0770] Also, in the storage unit 192, at the time of ship- 
ment of the SAM 1 05! , a file reader indicating the read- 
ing format of the content file CF and the key file KF 
shown in Fig. 5 is written by the EMD service center 1 02. 
[0771] In the SAM 105^ when utilizing the data stored 
in the content file CF and the key file KF, the file reader 
stored in the storage unit 192 is used. 
[0772] Here, the public key data Kr_ ca of the route 



certificate authority 2 uses an RSA generally used in 
electronic commercial transactions over the Internet 
and has a data length of for example 1 024 bits. The pub- 
lic key data K R . CA is issued by the route certificate au- 

5 thority 2 shown in Fig. 1 . 

[0773] Also, the public key data K ESC P of the EMD 
service center 102 is produced by utilizing an elliptical 
curve code having a short data length and a power 
equivalent to the RSA or more. Its data length is for ex- 

10 ample 1 60 bits. Note, when considering the power of the 
encryption, desirably the public key data K ESC P has 1 92 
bits or more. Further, the EMD service center 102 reg- 
isters the public key data K ESC P in the route certificate 
authority 92. 

*5 [0774] Also, the route certificate authority 92 produc- 
es the certificate data CER ESC of the public key data 
K ESC P . The certificate data CER ESC storing the public 
key data K ESC p is preferably stored in the storage unit 
192 at the time of shipment of the SAM 105!- In this 

20 case, the certificate data CER ESC is signed by a secret 
key data K ROOTS of the route certificate authority 92, 
[0775] The EMD service center 1 02 produces the se- 
cret key data K SAM1 s of the SAM 105! b y generating a 
random number and produces the public key data 

25 k sami,p forming a pair together with this. 

[0776] Also, the EMD service center 1 02 is given the 
certification of the route certificate authority 92, issues 
the certificate data CER SAM1 of the public key data 
K SAM1 P , and attaches the signature data to this by using 

30 its own secret key data K ESC s . Namely, the EMD serv- 
ice center 102 achieves the function of a second CA 
(certificate authority). 

[0777] Also, the unique identifier SAMJD under the 
management of the EMD service center 1 02 is allocated 

35 to the SAM 105! bv tne SAM management unit 149 of 
the EMD service center 102 shown in Fig. 24. This is 
stored in the storage unit 192 of the SAM 105! and, at 
the same time, stored also in the SAM database 149a 
shown in Fig. 24 and managed by the EMD service cent- 

40 er102. 

[0778] Also, the SAM 1 05! is connected to and regis- 
tered at the EMD service center 1 02 by for example the 
user after the time of shipment. At the same time, the 
distribution use public key data KD 1 to KD 3 are trans- 
45 ferred from the EMD service center 102 to the storage 
unit 192. 

[0779] Namely, the user utilizing the SAM 105! must 
perform a registration procedure at the EMD service 
center 1 02 before downloading the content. This regis- 

50 tration procedure is carried out off-line by for example 
mail by the user himself giving information specifying 
himself by using for example a registration card at- 
tached when purchasing the apparatus with the SAM 
105 1 mounted thereon (in the related example, network 

55 apparatus 160!). 

[0780] The SAM 105! cannot be used until the regis- 
tration procedure is passed. 

[0781] The EMD service center 102 issues the iden- 
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tifier USERJD inherent to the user in accordance with 
the registration procedure of the SAM by the user, 
manages the correspondence between the SAM_ID 
and the USERJD in for example the SAM database 
149a shown in Fig. 24, and utilizes the same at the time 5 
of charging. 

[0782] Also, the EM D service center 1 02 allocates the 
information reference use identifier ID and the password 
used at the first time to the user of the SAM 1 05 1 and 
notifies this to the user. The user can make an inquiry 10 
about information for example the usage situation (us- 
age log) of the content data up to the present at the EMD 
service center 102 by using the information reference 
use identifier ID and the password. 

[0783] Also, the EMD service center 1 02 confirms the 15 
identity of the user at the credit card company or the like 
or confirms the user off-line at the time of registration of 
the user. 

[0784] Next, as shown in Fig. 30, an explanation will 
be made of the procedure for storing the SAM registra- 20 
tion list in the storage unit 192 inside the SAM 105-,. 
[0785] The SAM 105 1 shown in Fig. 1 acquires the 
SAM registration list of the SAMs 105 1 to 1 05 4 existing 
in its own system by utilizing a topology map produced 
when powering up apparatuses connected to the bus 25 
191 and connecting new apparatuses to the bus 191 
where for example the IEEE1394 serial bus is used as 
the bus 191 . 

[0786] Note that, the topology map produced in ac- 
cordance with the IEEE1 394 serial bus, that is, the bus 30 
1 91 , is produced for the SAMs 1 05 1 to 1 05 4 and SCMS 
processing circuits 105 5 and 105 6 when, for example, 
as shown in Fig. 44, in addition to the SAMs 105-, to 
105 4 , SCMS processing circuits 105 5 and 105 6 of AV 
apparatus 1 60 5 and 1 60 6 are connected to the bus 191. 35 
[0787] Accordingly, the SAM 105! extracts the infor- 
mation for the SAMs 105., to 105 4 from the related to- 
pology map and produces the SAM registration list 
shown in Fig. 45. 

[0788] Then, the SAM 105., registers the SAM regis- 40 
tration list shown in Fig. 45 in the EMD service center 
1 02 and acquires the signature. 
[0789] These processings are automatically carried 
out by the SAM 1 05 1 by utilizing the session of the bus 
1 91 . The registration instruction of the SAM registration 45 
list is issued to the EMD service center 102. 
[0790] The EMD service center 1 02 confirms the ex- 
piration date when receiving the SAM registration list 
shown in Fig. 45 from the SAM 105^ Then, the EMD 
service center 1 02 sets up the corresponding portion by so 
referring to the existence of the settlement function des- 
ignated by the SAM 105., at the time of registration. Fur- 
ther, the EMD service center 1 02 checks the revocation 
list and sets a revocation flag in the SAM registration 
list. The revocation list is the list of the SAMs for which 55 
usage is prohibited (invalid) by the EMD service center 
1 02 for the reason of for example illegitimate usage. 
[0791] Also, the EMD service center 1 02 extracts the 



SAM registration list corresponding to the SAM 105., at 
the time of settlement and confirms if the SAM described 
therein is contained in the revocation list. Further, the 
EMD service center 102 attaches the signature to the 
SAM registration list. 

[0792] By this, the SAM registration list shown in Fig. 
46 is produced. 

[0793] Note that, the SAM revocation list is produced 
aimed at only the SAMs of the identical system (con- 
nected to the identical bus 191), and the validity and in- 
validity of the related SAMs are indicated by the revo- 
cation flag corresponding to each SAM. 
[0794] Below, an explanation will be made of the over- 
all operation of the content provider 1 01 shown in Fig. 1. 
[0795] Figure 47 is a flowchart of the overall operation 
of the content provider 1 01 . 

[0796] Step S1: The EMD service center 102 trans- 
mits the certificate data CER CP of the public key data 
K CP of the content provider 101 to the content provider 
101 after the content provider 101 goes through the pre- 
determined registration processing. 
[0797] Also, the EM D service center 1 02 transmits the 
certificate CER CP1 to CEFt CP4 of the public key data 
k sami,p to k sam4,p of the SAMs 105! to 1 05 4 to the 
SAMs 105! to 105 4 after the SAMs 105! to 105 4 pass 
through the predetermined registration processing. 
[0798] Also, the EMD service center 1 02 transmits 
three months' worth of the distribution use key data KD., 
to KD 3 each having the expiration date of one month to 
the SAMs 105! to 105 4 of the user home network 103 
after the mutual certification. 

[0799] In this way, in the EMD system 1 00, the distri- 
bution use key data KD! t0 KD 3 are distributed to the 
SAMs 105! t0 105 4 in advance. Therefore, even in the 
state where the space between the SAMs 1 05! to 1 05 4 
and the EMD service center 102 is off-line, the secure 
container 1 04 distributed from the content provider 1 01 
can be decrypted and purchased and used in the SAMs 
1 05! to 1 05 4 . In this case, the log of the related purchase 
and/or usage is described in the usage log data 108, 
and the usage log data 1 08 is automatically transmitted 
to the EMD service center 1 02 when the SAMs 1 05! to 
105 4 and the EMD service center 102 are connected. 
Therefore, the settlement processing in the EMD serv- 
ice center 102 can be reliably carried out. Note that, a 
SAM for which usage log data 108 cannot be collected 
by the EMD service center 102 in a predetermined pe- 
riod is regarded as being invalidated by the revocation 
list. 

[0800] Note that, the usage control status data 1 66 is 
transmitted from the SAMs 105! to 105 4 to the EMD 
service center 102 in real-time in principle. 
[0801] Step S2: The content provider 101 transmits 
the right registration request module Mod 2 shown in Fig. 
18 to the EMD service center 102 after the mutual cer- 
tification. 

[0802] Then, the EMD service center 102 registers 
and authenticates the usage control policy data 1 06 and 
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the content key data Kc after the predetermined signa- 
ture verification. 

[0803] Also, the EMD service center 102 produces six 
months' worth of the key files KF in accordance with the 
registration use module Mod 2 and transmits them to the 
content provider 101. 

[0804] Step S3: The content provider 101 produces 
the content files CF and the signature data SIG 6CP 
thereof and the key file KF and the signature data 
SIG 7 ,cp thereof shown in Figs. 5A and 5B and distrib- 
utes the secure container 1 04 storing them and the cer- 
tificate data CER CP and the signature data SIG 1 ESC 
thereof shown in Fig. 5C to the SAMs 105 1 to 105 4 of 
the user home network 103 on-line and/or off-line. 
[0805] In the on-line case, the content provider use 
transport protocol is used. The secure container 104 is 
transported from the content provider 101 to the user 
home network 103 in a form not depending upon the 
related protocol (namely, as data transmitted by using a 
predetermined layer of communication protocol com- 
prised of a plurality of layers). Also, in the off-line case, 
the secure container 1 04 is transported from the content 
provider 1 01 to the user home network 1 03 in the state 
stored in a ROM type or RAM type storage medium. 
[0806] Step S4: The SAMs 105! to SAM 105 4 of the 
user home network 103 verify the signature data 
SIG 6 CP , SIG 7 CP , and SIG K1 ESC in the secure container 
104 distributed from the content provider 101 and con- 
firm the legitimacy of the producer and transmitter of the 
content file CF and the key file KF, then decrypt the key 
file KF by using the distribution use data KD-, to KD 6 of 
the corresponding period. 

[0807] Step S5: In the SAMs 105, to 105 4 , the pur- 
chase and/or usage form is determined based on the 
operation signal S165 in accordance with the operation 
of the purchase and/or usage form determination oper- 
ation unit 165 shown in Fig. 25 by the user. 
[0808] At this time, in the usage monitor unit 186 
shown in Fig. 31 , the purchase and/or usage form of the 
content file CF by the user is managed based on the 
usage control policy data 106 stored in the secure con- 
tainer 104. 

[0809] Step S6: In the charge processing unit 187 
shown in Fig. 31 of the SAMs 105., to 105 4 , the usage 
log data 108 and the usage control status data 166 de- 
scribing the operation of the settlement of the purchase 
and/or usage form by the user are produced based on 
the operation signal S165 and are transmitted to the 
EMD service center 102. 

[0810] Step S7: The EMD service center 102 per- 
forms the settlement processing based on the usage log 
data 108 in the settlement processing unit 142 shown 
in Fig. 24 and produces the settlement claim data 152 
and the settlement report data 107. The EMD service 
center 102 transmits the settlement claim data 152 and 
the signature data SIG 88 thereof via the payment gate- 
way 90 shown in Fig. 1 to the settlement manager 91 . 
Further, the EMD service center 102 transmits the set- 



tlement report data 1 07 to the content provider 101. 
[0811] Step S8: In the settlement manager 91 , after 
verifying the signature data SIG 88 , based on the settle- 
ment claim data 152, the money paid by the user is dis- 

5 tributed to the owner of the content provider 1 01 . 

[0812] As explained above, in the EMD system 100, 
the secure container 104 of the format shown in Fig. 5 
is distributed from the content provider 101 to the user 
home network 103, and the processing for the key file 

10 KF in the secure container 1 04 is carried out in the SAMs 
105., to 105 4 . 

[0813] Also, the content key data Kc and the usage 
control policy data 106 stored in the key file KF have 
been encrypted by using the distribution use key data 

15 KD<| to KD 3 and decrypted inside only the SAMs 105! 
to 1 05 4 holding the distribution use key data KD., to KD 3 . 
Then, in the SAMs 105! to 105 4 , the purchase form and 
the usage form of the content data C are determined 
based on a module having tamper resistance and the 

20 handling content of the content data C described in the 
usage control policy data 106. 

[0814] Accordingly, according to the EMD system 
100, the purchase and usage of the content data C in 
the user home network 103 can be reliably carried out 
25 based on the content of the usage control policy data 
106 produced by the interested parties of the content 
provider 101. 

[0815] Also, in the EMD system 100, by distributing 
the content data C from the content provider 101 to the 
30 user home network 103 by using the secure container 
1 04 in both of the cases of on-line and off-line, the rights 
clearing of the content data C in the SAMs 1 05! to 105 4 
can be shared in both cases. 

[0816] Also, in the EMD system 100, when purchas- 
es jng, using, recording, and transferring the content data 
C in the network apparatus 160! and the AV apparatus- 
es 160 2 to 160 4 in the user home network 103, by per- 
forming processing always based on the usage control 
policy data 1 06, common rights clearing rule can be em- 
40 ployed. 

[0817] Figure 48 is a view for explaining an example 
of the transport protocol of the secure container em- 
ployed in the first embodiment. 

[0818] As shown in Fig. 48, in them ulti -processor sys- 
45 tern 100, as the protocol for transporting the secure con- 
tainer 104 from the content provider 101 to the user 
home network 1 03, use is made of for example TCP/IP 
and XML/SMIL 

[0819] Also, as the protocol for transferring the secure 
so container between SAMs of the user home network 103, 
and the protocol for transferring the secure container be- 
tween the user home networks 103 and 103a, use is 
made of for example XMUSMIL constructed in the 1 394 
serial bus interface. Also, in this case, it is also possible 
55 to store the. secure container in a ROM type or RAM 
type storage medium and transport the same between 
SAMs. 
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First modification of first embodiment 

[0820] In the above embodiment, as shown in Fig. 5B f 
the case where the key file KF was encrypted by using 
the distribution use key data KD in the EMD service 5 
center 102, and the key file KF was decrypted by using 
the distribution use key data KD in the SAMs 105 1 to 
1 05 4 was exemplified, but the encryption of the key file 
KF using the distribution use key data KD does not al- 
ways have to be carried out when the secure container 10 
1 04 is directly supplied from the content provider 1 01 to 
the SAMs 105 1 to 105 4 as shown in Fig. 1. 
[0821] In this way, the encryption of the key file KF by 
using the distribution use key data KD has a large effect 
when suppressing illegitimate action by the service pro- is 
vider by giving the distribution use key data KD to only 
the content provider and the user home network when 
the content data is supplied from the content provider to 
the user home network via the service provider as in the 
second embodiment mentioned later. 20 
[0822] Note, also in the case of the first embodiment, 
the encryption of the key file KF by using the distribution 
use key data KD has an effect in the point of raising the 
force of suppressing illegitimate usage of the content 
data. 25 
[0623] Further, in the above embodiment, the case 
where the suggested retailer's price data SRP was 
stored in the usage control policy data 1 06 in the key file 
KF shown in Fig. 5B was exemplified, but it is also pos- 
sible to store the suggested retailer's price data SRP 30 
(price tag data) other than in the key file KFin the secure 
container 104. In this case, signature data produced by 
using the secret key data Kcp is attached to the sug- 
gested retailer's price data SRP. 

35 

Second modification of first embodiment 

[0824] In the first embodiment, as shown in Fig. 1 , the 
case where the EMD service center 1 02 performed the 
settlement processing in the settlement manager 91 via 40 
the payment gateway 90 by using the settlement claim 
data 152 produced by itself was exemplified, but it is 
also possible to transmit for example the settlement 
claim data 1 52 from the EMD service center 1 02 to the 
content provider 101 as shown in Fig. 49 and have the 45 
content provider 101 itself perform the settlement 
processing at the settlement manager 91 via the pay- 
ment gateway 90 by using the settlement claim data 
152. 

50 

Third modification of first embodiment 

[0825] I n the first embodiment, the case where the se- 
cure container 104 was supplied from a single content 
provider 1 01 to the SAMs 1 05! to 1 05 4 of the user home 55 
network 1 03 was exemplified, but it is also possible to 
supply secure containers 104a and 104b from two or 
more content providers 101a and 101b to the SAMs 



1 05 1 to 1 05 4 . 

[0826] Figure 50 is a view of the configuration of the 
EMD system according to a third modification of the first 
embodiment where the content providers 101a and 
101b are used. 

[0827] In this case, the EMD service center 102 dis- 
tributes key files KFa-, to KFa 6 and KFb 1 to KFb 6 en- 
crypted by using six months' worth of distribution use 
key data KDa^ to KDa 6 and KDb-, to KDb 6 to the content 
providers 101a and 101b. 

[0828] Also, the EMD service center 102 distributes 
three months' worth of distribution use key data KDa 1 to 
KDa 3 and KDb., to KDb 3 to the SAMs 105! to 105 4 . 
[0829] Then , the content provider 1 01 a supplies a se- 
cure container 1 04a storing a content file CFa encrypted 
by using unique content key data Kca and key files KFa 1 
to KFa 6 of the corresponding period received from the 
EMD service center 102 to the SAMs 105 1 to 105 4 on- 
line and/or off-line. 

[0830] At this time, as the identifier of a key file, use 
is made of the global unique identifier content ID distrib- 
uted by the EMD service center 102. The content data 
is centrally managed by the EMD service center 102. 
[0831] Also, the content provider 1 01 b supplies a se- 
cure container 104b storing a content file CFb encrypted 
by using unique content key data Kcb and key files KFb-, 
to KFb 6 of the corresponding period received from the 
EMD service center 102 to the SAMs 105! to 105 4 on- 
line and/or off-line. 

[0832] The SAMs 105! to 105 4 decrypt the secure 
container 104a by using the distribution use key data 
KDa-, to KDa 3 of the corresponding period, determine 
the purchase form of the content after passing through 
the predetermined signature verification processing, 
etc., and transmit usage log data 108a and usage con- 
trol status data 166a produced in accordance with the 
related determined purchase form and usage form to the 
EMD service center 1 02. 

[0833] Also, the SAMs 105., to 105 4 decrypt the se- 
cure container 104b by using the distribution use key 
data KDb., to KDb 3 of the corresponding period, deter- 
mine the purchase form of the content after passing 
through the predetermined signature verification 
processing, etc., and transmit usage log data 1 08b and 
usage control status data 1 66b produced in accordance 
with the related determined purchase form and usage 
form to the EMD service center 1 02. 
[0834] In the EMD service center 102, based on the 
usage log data 108a, settlement claim data 152a for the 
content provider 101a is produced, and settlement 
processing is carried out at the settlement manager 91 
using this. 

[0835] Also, in the EMD service center 102, settle- 
ment claim data 152b for the content provider 101b is 
produced based on the usage log data 108b, and set- 
tlement processing is carried out at the settlement man- 
ager 91 using this. 

[0836] Also, the EM D service center 1 02 registers and 
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authenticates the usage control policy data 106a and 
106b. At this time, the EMD service center 102 distrib- 
utes the global unique identifier content ID for the key 
files KFa and KFb corresponding to the usage control 
policy data 1 06a and 1 06b. 

[0837] Also, the EMD service center 102 issues cer- 
tificate data CER CPa and CER CPb of the content provid- 
ers 101a and 101b and attaches signature data 
SIG 1b ESC and SIG 1a ESC to them to verify their legitima- 
cy. 

Fourth modification of first embodiment 

[0838] In the above embodiment, the case where the 
content files CF and the key files KF were stored in the 
secure container 104 with directory structures and 
transmitted from the content provider 101 to the SAMs 
105 1 to 105 4 was exemplified, but it is also possible to 
separately transmit the content files CF and the key file 
KF to the SAMs 105! to 105 4 . 

[0839] This includes for example the following first 
technique and second technique. 

[0840] In the first technique, as shown in Fig. 52, the 
content files CF and the key files KF are separately 
transmitted from the content provider 101 to the SAMs 
,105-, to 105 4 in a format not depending upon the com- 
munication protocol. 

[0841] Also, in the second technique, as shown in Fig. 
52, the content files CF are transmitted from the content 
provider 101 to the SAMs 105! to 105 4 in a format not 
depending upon the communication protocol and, at the 
same time, the key files KF are transmitted from the 
EMD service center 1 02 to the SAMs 1 05-, to 1 05 4 . The 
related key files KF are transmitted from the EMD serv- 
ice center 1 02 to the SAMs 1 05! to 1 05 4 when for ex- 
ample the users of the SAMs 1 05! to 1 05 4 are about to 
determine the purchase form of the content data C. 
[0842] When the first technique and the second tech- 
nique are employed, a link is established between relat- 
ed content files CF and between the content files CF 
and the key files KF corresponding to them by using hy- 
per link data stored in the header of at least one of the 
content file CF and the key file KF. In the SAMs 1 05! t0 
105 4 , the rights clearing and the usage of the content 
data C are carried out based on the related link. 
[0843] Note that, in the present modification, as the 
formats of the content file CF and the key file KF. for 
example, those shown in Figs. 5A and 5B are employed. 
Also, in this case, preferably, together with the content 
file CF and the key file KF, the signature data SIG 6CP 
and SIGy CP thereof are transmitted. 

Fifth modification of first embodiment 

[0844] In the above embodiment, the case where the 
content file CF and the key file KF were separately pro- 
vided in the secure container 1 04 was exemplified, but 
for example it is also possible to store the key file KF in 



the content file CF in the secure container 1 04 as shown 
in Fig. 53. 

[0845] In this case, the signature data by the secret 
key data Kq PS of the content provider 1 01 is attached 
5 to the content file CF storing the key file KF 

Sixth modification of first embodiment 

[0846] In the above embodiment, the case where the 
10 content data C was stored in the content file CF, and the 
content key data Kc and the usage control policy data 
106 were stored in the key file KF and transmitted from 
the content provider 1 01 to the SAM 105! or the like was 
exemplified, but it is also possible to transmit at least 
'5 one among the content data C, content key data Kc, and 
the usage control policy data 1 06 from the content pro- 
vider 1 01 to the SAM 1 05! ortne !ike without employing 
the file format and in a format not depending upon the 
communication protocol. 
20 [0847] For example, as shown in Fig. 54, it is also pos- 
sible if a secure container 104s storing the key file . KF 
containing the content data C encrypted by the content 
key data Kc, the encrypted content key data Kc, the en- 
crypted usage control policy data 106, etc. is produced 
^5 in the content provider 101, and the secure container 
104s is transmitted to the SAM 105! etc * in a format not 
depending upon the communication protocol. 
[0848] Also, as shown in Fig. 55, it is also possible to 
individually transmit the key file KF containing the con- 
30 tent data C encrypted by the content key data Kc, en- 
crypted content key data Kc, the encrypted usage con- 
trol policy data 1 06, and so on from the content provider 
1 01 to the SAM 1 05! etc. in a format not depending upon 
the communication protocol. Namely, the content data 
35 c is transmitted by an identical route to the key file KF 
without employing the file format. 
[0849] Also, as shown in Fig. 56, it is also possible if 
the content data C encrypted by the content key data 
Kc is transmitted from the content provider 101 to the 
40 SAM 1 05! etc. in a format not depending upon the com- 
munication protocol and, at the same time, the key file 
KF containing the encrypted content key data Kc and 
the encrypted usage control policy data 1 06 etc. is trans- 
mitted from the EMD service center 102 to the SAM 
45 1051 etc. Namely, the content data C is transmitted by 
a different route from that for the key file KF without em- 
ploying the file format. 

[0850] Also, as shown in Fig. 57, it is also possible if 
the content data C encrypted by the content key data 
50 Kc, the content key data Kc, and the usage control policy 
data 1 06 are transmitted from the content provider 101 
to the SAM 105! etc - ' n a f Qrma t not depending upon 
the communication protocol. Namely, the content data 
C, content key data Kc, and the usage control policy da- 
55 ta 1 06 are transmitted by the identical route without em- 
ploying the file format. 

[0851] Also, as shown in Fig. 58, it is also possible if 
the content data C encrypted by the content key data 
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Kc is transmitted from the content provider 101 to the 
SAM 1 05 1 etc. in a format not depending upon the com- 
munication protocol and, at the same time, the content 
key data Kc and the usage control policy data 106 are 
transmitted from the EMD service center 1 02 to the SAM 
1 05 1 etc. Namely, the content data C, content key data 
Kc, and the usage control policy data 106 are transmit- 
ted by different routes without employing the file format. 

Second embodiment 

[0852] In the above embodiment, the case where the 
content data was directly distributed from the content 
provider 1 01 to the SAMs 1 05 1 to 1 05 4 of the user home 
network 1 03 was exemplified, but in the present embod- 
iment, an explanation will be made of a case where the 
content data provided by the content provider is distrib- 
uted to a SAM of the user home network via the service 
provider. 

[0853] Figure 59 is a view of the configuration of an 
EMD system 300 of the present embodiment. 
[0654] As shown in Fig. 59, the EMD system 300 has 
a content provider 301 , an EMD service center 302, the 
user home network 303, a service provider 31 0, the pay- 
ment gateway 90, and the settlement manager 91 . 
[0855] The content provider 301 , EMD service center 
302, SAMs 305 1 to 305 4 , and the service provider 310 
correspond to the data providing apparatus, manage- 
ment device, data processing apparatus, and the data 
distribution apparatus according to claim 22 and claim 
152 etc. 

[0856] The content provider 301 is the same as the 
content provider 1 01 of the first embodiment except for 
the point that it supplies the content data to the service 
provider 310. 

[0857] Also, the EMD service center 302 is the same 
as the EMD service center 102 of the first embodiment 
except for the point that the certificate authority function, 
key data management function, and the rights clearing 
function are provided also to the service provider 31 0 in 
addition to the content provider 101 and SAMs 505 1 to 
505 4 . 

[0858] Also, the user home network 303 has a net- 
work apparatus 360 1 and AV apparatuses 360 2 to 360 4 . 
The network apparatus 360 1 includes a SAM 305., and 
a CA module 311, and the AV apparatuses 360 2 to 360 4 
include the SAMs 305 2 to 305 4 . 

[0859] Here : the SAMs 305! to 305 4 are the same as 
the SAMs 105-, to 105 4 of the first embodiment except 
for the point that they are distributed a secure container 
304 from the service provider 31 0 and the point that they 
perform the verification processing of the signature data 
and the preparation of an SP use purchase log data (da- 
ta distribution device use purchase log data) 309 for the 
service provider 310 in addition to the content provider 
301. 

[0860] First, a brief explanation will be made of the 
EMD system 300. 



[0861] In the EMD system 300, the content provider 
301 transmits the usage control policy (UCP) data 106 
in the same way as that of the first embodiment men- 
tioned before indicating the rights contents such as the 
5 usage permission condition of the content data C of the 
content to be provided by itself and the content key data 
Kc to the EMD service center 302 as the authority man- 
ager having a high reliability. The usage control policy 
data 1 06 and the content key data Kc are registered and 
10 authenticated (certified) in the EMD service center 302. 
[0862] Also, the content provider 301 encrypts the 
content data C by the content key data Kc and produces 
the content file CF. Also, the content provider receives 
six months' worth of the key files KF for the content files 
'5 CF from the EMD service center 302. 

[0863] In the related key file KF, the signature data for 
verifying the existence of tampering of the related key 
file KF and the legitimacy of the producer and the trans- 
mitter of the related key file KF is stored. 
20 [0864] Then, the content provider301 supplies these- 
cure container 104 shown in Fig. 5 storing the content 
file CF, key file KF, and its own signature data to the 
service provider 31 0 by using a network such as the In- 
ternet, digital broadcast, storage medium, or informal 
25 protocol or off-line or the like. 

[0865] Also, the signature data stored in the secure 
container 104 is used for verifying the existence of tam- 
pering of the corresponding data and the legitimacy of 
the producer and transmitter of the related data. 
30 [0866] When receiving the secure container 1 04 from 
the content provider 301 , the service provider 31 0 veri- 
fies the signature data and confirms the producer and 
the transmitter of the secure container 1 04. 
[0867] Next, the service provider 310 produces price 
35 tag data (PT) 31 2 indicating the price obtained by adding 
a price for service such as authoring performed by itself 
to the price (SRP) for the content intended by the con- 
tent provider 301 notified for example off-line. 
[0868] Then, the service provider 310 produces the 
40 secure container 304 storing the content file CF and key 
file KF extracted from the secure container 104, price 
tag data 312, and the signature data by its own secret 
key data K SPS with respect to them. 
[0869] At this time, the key file KF has been encrypted 
45 by the distribution use key data KD 1 to KD 6 , and the 
service provider 310 does not hold the related distribu- 
tion use key data KD n to KD 6 , therefore the service pro- 
vider 310 cannot see or rewrite the content of the key 
file KF. 

50 [0870] Also, the EMD service center302 registers and 
authenticates the price tag data 312. 
[0871] The service provider 310 distributes the secure 
container304 tothe user home network 303 on-line and/ 
or off-line. 

55 [0872] At this time, in the case of off-line, the secure 
container 304 is stored in the ROM type storage medium 
or the like and supplied to the SAMs 305 1 to 305 4 as it 
is. On the other hand, in the case of on-line, mutual cer- 
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tification is carried out between the service provider 31 0 
and the CA module 31 1 , the secure container 304 is en- 
crypted by using the session key data K SES in the serv- 
ice provider 310 and transmitted, and the secure con- 
tainer 304 received at the CA module 311 is decrypted 5 
by using the session key data K SES and then transferred 
to the SAMs 305! to 305 4 . 

[0873] In this case, as the communication protocol for 
transmitting the secure container 304 from the content 
provider 301 to the user home network 303, an MHEG 
(Multimedia and Hypermedia Information Coding Ex- 
perts Group) protocol is used in the case of a digital 
broadcast and XML7S MIL/HTML (Hyper Textmarkup 
Language) is used in the case of the Internet. In these 
communication protocols, the secure container 304 is 
buried by tunneling in a format not depending upon the 
related communication protocol (encoding method or 
the like). 

[0874] Accordingly, it is not necessary to ensure com- 
patibility of the format between the communication pro- 
tocol and the secure container 304, so the format of the 
secure container 304 can be flexibly set. 
[0875] Next, in the SAMs 305! to 305 4 , the signature 
data stored in the secure container 304 is verified, and 
the legitimacy of producers and transmitters of the con- 
tent file CF and the key file KF stored in the secure con- 
tainer 304 is confirmed. Then, in the SAMs 305! to 305 4 , 
when the related legitimacy is confirmed, the key file KF 
is decrypted by using the distribution use data KD n to 
KD 3 of the corresponding period distributed from the 
EMD service center 302. 

[0876] The secure container 304 supplied to the 
SAMs 305! to 305 4 is reproduced and recorded into the 
storage medium after the purchase and/or usage form 
is determined in accordance with the operation of the 
user in the network apparatus 360! and the AV appara- 
tuses 360 2 to 360 4 . 

[0877] The SAMs 305! t0 305 4 store the lo 9 ° f the pur- 
chase and/or usage of the secure container 304 as the 
usage log data 308. 

[0878] A usage log data (log data or the management 
device use log data) 308 is transmitted from the user 
home network 303 to the EMD service center 302 in re- 
sponse to for example a request from the EMD service 
center 302. 

[0879] Also, the SAMs 305! to 305 4 transmit the us- 
age control status (UCS) data 1 66 indicating the related 
purchase form to the EMD service center 302 when the 
purchase form of the content is determined. 
[0880] The EMD service center 302 determines (cal- 
culates) the charge content for each of the content pro- 
vider 301 and the service provider 3 1 0 based on the us- 
age log data 308 and performs settlement at the settle- 
ment manager 91 such as a bank via the payment gate- 
way 90 based on the results. By this, the money paid by 
the user of the user home network 1 03 is distributed to 
the content provider 101 and the service provider 310 
by the settlement processing by the EMD service center 



102. 

[0881] In the present embodiment, the EMD service 
center 302 has the certificate authority function, key da- 
ta management function, and the rights clearing (profit 
distribution) function. 

[0882] Namely, the EMD service center 302 functions 
as a second certificate authority with respect to the route 
certificate authority 92 as the highest authority manager 
at the neutral position and verifies the legitimacy of the 
related public key data by attaching a signature by the 
secret key data of the EMD service center 302 to the 
certificate data of the public key data to be used for the 
verification processing of the signature data in the con- 
tent provider 301 , service provider 31 0, and the SAMs 
305! to 305 4 . Further, as mentioned before, also the reg- 
istration and authentication of the usage control policy 
data 106 of the content provider 301 , content key data 
Kc, and the price tag data 312 of the service provider 
31 0 are achieved by the certificate authority function of 
the EMD service center 302. 

[0883] Also, the EMD service center 302 has a key 
data management function for performing for example 
management of the key data of the distribution use key 
data KD! to KD 6 . 

[0884] Also, the EMD service center 302 has a rights 
clearing (profit distribution) function of performing set- 
tlement with respect to the purchase and/or usage of the 
content by the user of the user home network 303 based 
on the usage control policy data 1 06 registered by the 
content provider 301 , the usage log data 308 input from 
the SAMs 305! t0 305 4 , and the price tag data 312 reg- 
istered by the service provider 31 0 and distributing and 
paying the money paid by the user to the content pro- 
vider 301 and the service provider 31 0. 
[0885] Below, components of the content provider 
301 will be explained in detail. 

[Content provider 301] 

[0886] Figure 60 is a functional block diagram of the 
content provider 301 and shows the flow of the data re- 
lated to the data transmitted and received with the serv- 
ice provider 310. 

[0887] As shown in Fig. 60, the content provider 301 
has a content master source server 111 , electronic wa- 
termark information addition unit 112, compression unit 
113, encryption unit 114, random number generation 
unit 115, signature processing unit 117, secure contain- 
er preparation unit 118, secure container database 
118a, key file database 118b, storage unit 119, mutual 
certification unit 120, encryption and/or decryption unit 
121, usage control policy data preparation unit 122, 
EMD service center management unit 125, and a serv- 
ice provider management unit 324. 
[0888] In Fig. 60, components given the same refer- 
ence numerals as those of Fig. 3 are the same as the 
components of the same reference numerals explained 
in the first embodiment referring to Fig. 3 and Fig. 4. 



15 



20 



25 



30 



35 



40 



45 



50 



71 

BNSDCCID: <EP 1 132828A1_I_> 



141 



EP 1 132 828 A1 



142 



[0889] Namely, the content provider 301 has a config- 
uration providing the service provider management unit 
324 in place of the SAM management unit 124 shown 
in Fig. 3. 

[0890] The service provider management unit 324 
provides the secure container 1 04 shown in Fig. 5 input 
from the secure container preparation unit 118 to the 
service provider 31 0 shown in Fig. 59 off-line and/or on- 
line. 

[0891] Where the secure container 104 shown in Fig. 
5 is distributed to the service provider 310 on-line, the 
service provider management unit 324 encrypts the se- 
cure container 104 by using the session key data K SES 
in the encryption and/or decryption unit 121 and then 
distributes the same via the network to the service pro- 
vider 310. 

[0892] Also, the flow of the data in the content provider 
1 01 shown in Fig. 4 similarly applies also to the content 
provider 301 . 

[0893] Below, an explanation will be made of the flow 
of the processing when transmitting the secure contain- 
er 1 04 from the content provider 301 to the service pro- 
vider 310. 

[0894] Figure 61 and Fig. 62 are flowcharts showing 
the flow of the processing when transmitting the secure 
container 1 04 from the content provider 301 to the serv- 
ice provider 310. 

[0895] Step C1 : Mutual certification is carried out be- 
tween the content provider 301 and the service provider 
310. 

[0896] Step C2: The session key data K SES obtained 
by the mutual certification at step C1 is shared between 
the content provider 301 and the service provider 31 0. 
[0897] Step C3: By the service provider 310, the se- 
cure container database 1 1 8a possessed by the content 
provider 301 (for CP) is accessed. 
[0898] Step C4: The service provider 310 selects the 
secure container 1 04 necessary for its distribution serv- 
ice by referring to for example the lists of the content ID 
and the meta data centrally managed at the secure con- 
tainer database 118a. 

[0699] Step C5: The content provider 301 encrypts 
the secure container 104 selected at step C4 by using 
the session key data K SES shared at step C2. 
[0900] Step C6: The content provider 301 inserts the 
secure container 1 04 obtained at step C5 into a content 
provider use commodity transport protocol. 
[0901] Step C7: The service provider 310 performs 
the download. 

[0902] Step C8: The service provider 310 takes out 
the secure container 1 04 from the content provider use 
commodity transport protocol, 

[0903] Step C9: The service provider 310 decrypts the 
secure container 104 by using the session key data 
k ses shared at step C2. 

[0904] Step C1 0: The service provider 31 0 verifies the 
signature data stored in the decrypted secure container 
1 04 to confirm the legitimacy of the transmitter and per- 



forms the processing of step C11 under the condition 
that the transmitter is legitimate. 
[0905] Step C11 : The service provider 31 0 stores the 
secure container 1 04 in the secure container database 
5 of itself. 

[Service provider 31 0] 

[0906] The service provider 31 0 produces the secure 
10 container 304 storing the content file CF and the key file 
KF in the secure container 104 received from the con- 
tent provider 301 and the price tag data 312 produced 
by itself and distributes the secure container 304 to the 
network apparatus 360., and the AV apparatuses 360 2 
*5 to 360 4 of the user home network 303 on-line and/or off- 
line. 

[0907] The service format of the content distribution 
by the service provider 310 is roughly classified to an 
independent type service and a linked type service. 
20 [0908] The independent type service is for example a 
service dedicated to download for individually distribut- 
ing the content. Further, the linked type service is a serv- 
ice for distributing content linked to the program and 
CMs (advertisements). For example, content such as a 
25 theme song and other song of a drama are stored in a 
stream of the drama program. The user can purchase 
the content such as theme song or other song existing 
in the stream when watching the drama program. 
[0909] Figure 63 is a functional block diagram of the 
30 service provider 310. 

[0910] Note that f in Fig. 63, the flow of the data when 
supplying the secure container 304 produced by using 
the secure container 1 04 supplied from the content pro- 
vider 301 to the user home network 303 is shown. 
35 [0911] As shown in Fig. 63, the service provider 310 
has a content provider management unit 350, a storage 
unit 351 , a mutual certification unit 352, an encryption 
and/or decryption unit 353, a signature processing unit 
354, a secure container preparation unit 355, a secure 
40 container database 355a, a price tag data preparation 
unit 356, a user home network management unit 357, 
an EMD service center management unit 358, and a us- 
er preference filter generation unit 920. 
[0912] Below, an explanation will be made of the flow 
45 of the processing in the service provider 31 0 when cre- 
ating the secure container 304 from the secure contain- 
er 104 supplied from the content provider 301 and dis- 
tributing this to the user home network 303 by referring 
to Fig. 63 and Fig. 64. 
so [0913] Figure 64 is a flowchart for explaining the 
processing of distributing the secure container 304 from 
the content provider 301 to the service provider 310. 

<Step D1> 

55 

[0914] The content provider management unit 350 re- 
ceives the secure container 104 shown in Fig. 5 from 
the content provider 301 on-line and/or off-line and 
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writes the secure container 104 into the storage unit 
351. 

[091 5] At this time, the content provider management 
unit 350 decrypts the secure container 104 in the en- 
cryption and/or decryption unit 353 by using the session 
key data K SES obtained by mutual certification between 
the mutual certification unit 120 shown in Fig. 60 and 
the mutual certification unit 352 shown in Fig. 63 in the 
case of on-line and then writes the same into the storage 
unit 351. 

[091 6] Note that, the service provider 310 can have a 
dedicated secure container database for storing the se- 
cure container 1 04 separately from the storage unit 351 . 

<Step D2> 

[091 7] Next, in the signature processing unit 354, the 
signature data SIG 1 ESC shown in Fig. 5C of the secure 
container 104 stored in the storage unit 351 is verified 
by using the public key data K ESC P of the EMD service 
center 302 read out from the storage unit 351 . After the 
legitimacy thereof is confirmed, the public key data 
Kqpp is extracted from the certificate data CER CP 
shown in Fig. 5C. 

[091 8] Next, the signature processing unit 354 verifies 
the signature data SIG 6 CP and SIG 7 CP shown in Figs. 
5A and 5B of the secure container 1 04 stored in the stor- 
age unit 351 , that is, verifies the legitimacy of the pro- 
ducer and transmitter of the content file CF and the 
transmitter of the key file KF by using the related extract- 
ed public key data Kc PP . 

[091 9] Also, the signature processing unit 354 verifies 
the signature data SIG K1 ESC stored in the key file KF 
shown in Fig. 5B by using the public key data K ESC P 
read out from the storage unit 351 , that is, verifies the 
legitimacy of the producer of the key file KF. At this time, 
the verification of the signature data SIG K1 ESC serves 
also as the verification of whether or not the key file KF 
is registered in the EMD service center 302. 

<Step D3> 

[0920] Next, the secure container preparation unit 
355 reads out the content file CF and the signature data 
SIG 6 CP thereof, the key file KF and the signature data 
SIG 7 cp thereof, the certificate data CER SP of the serv- 
ice provider 31 0 and the signature data SIG 61 ESC there- 
of , and the certificate data CEP CP of the content provid- 
er 301 and the signature dataSIG 1ESC thereof from the 
storage unit 351 when the legitimacy of the signature 
data SIG 6 CP , SIG 7 CP and SIG K1 ESC is confirmed. 
[0921] Also, the price tag data preparation unit 356 
produces price tag data 312 indicating the price ob- 
tained by adding the price of its own service to the price 
for the content requested by the content provider 301 
notified from for example the content provider 301 off- 
line and stores this in the storage unit 351 . 
[0922] Also, the signature processing unit 354 obtains 



the hash values of the content file CF, key file KF, and 
the price tag data 312, produces signature data 
s,g 62,sp> s,G 63,sp* and SIG 64„sp bv using secret key 
data K SP P of the service provider 31 0, and outputs them 
5 to the secure container preparation unit 355. 

[0923] Here, the signature data SIG 62 SP is used for 
verifying the legitimacy of the transmitter of the content 
file CF, the signature data SIG^ SP is used for verifying 
the legitimacy of the transmitter of the key file KF, and 
the signature data SIG^ SP is used for verifying the le- 
gitimacy of the producer and transmitter of the price tag 
data 312. 

[0924] Next, the secure container preparation unit 
355 produces the secure container 304 storing the con- 
tent file CF and the signature data SIG 6 CP and SIG 62SP 
thereof, the key file KF and the signature data SIG 7 CP 
and SIGe3 ESC thereof, the price tag data 312 and the 
signature data SIG^ SP thereof, the certificate data 
CER SP and the signature data SIG 6 i E sc thereof, and 
the certificate data CER CP and the signature data 
SIG 1 Esc thereof as shown in Figs. 65A to 65D and 
stores the same in the secure container database 355a. 
[0925] The secure containers 304 stored in the secure 
container database 355a are centrally managed by the 
service provider 310 by using for example content IDs. 

<Step D4> 

[0926] The secure container preparation unit 355 
reads out the secure container 304 in response to the 
request from the user home network 303 from the se- 
cure container database 355a and outputs this to the 
user home network management unit 357. 
[0927] At this time, the secure container 304 may be 
a composite container storing a plurality of content files 
CF and a plurality of key files KF corresponding to them 
too. For example, it is also possible to store a plurality 
of content files CF concerning a song, a video clip, a text 
card, liner notes, and a jacket in a single secure con- 
tainer 304. It is also possible if these plurality of content 
files CF etc. are stored in the secure container 304 with 
a directory structure. 

[0928] Also, where the secure container 304 is trans- 
mined in a digital broadcast, an MHEG (Multimedia and 
Hypermedia Information Coding Experts Group) proto- 
col is used, while where it is transmitted by the Internet, 
an XML/SMILyHTML (Hyper Text Markup Language) 
protocol is used. 

[0929] At this time, the content files CF and the key 
files KF etc. in the secure container 304 are stored in 
predetermined layers in the communication protocol 
employed between the service provider 31 0 and the us- 
er home network 303 in a format not depending upon 
the encoding method tunneling the protocols of MHEG 
and HTML. 

[0930] For example, where the secure container 304 
is transmitted in a digital broadcast, as shown in Fig. 66, 
the content file CF is stored as the MHEG content data 
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in the MHEG object. 

[0931] Also, in the transport layer protocol, the MHEG 
object is stored in PES (packetized elementary stream)- 
Video in the case of a moving picture image, stored in 
the PES-Audio in the case of audio, and stored in Pri- 
vate-Data in the case of a still image. 
[0932] Also, as shown in Fig. 67, the key file KF, price 
tag data 31 2, and the certificate data CER CP and CER SP 
are stored in an ECM (entitlement control message) in 
TS Packet of the transport layer protocol. 
[0933] Here : a mutual link is established among the 
content file CF, key file KF, price tag data 312, and the 
certificate data CER CP and CER SP by the directory 
structure data DSD 1 in the header of the content file CF. 
[0934] Next, the user home network management un it 
357 supplies the secure container 304 to the user home 
network 303 off-line and/or on-line. 
[0935] Where the secure container 304 is to be dis- 
tributed to the network apparatus 360 1 of the user home 
network 303 on-line, the user home network manage- 
ment unit 357 encrypts the secure container 304 by us- 
ing the session key data K SES in the encryption and/or 
decryption unit 352 after the mutual certification and 
then distributes the same via the network to the network 
apparatus 360-, . 

[0936] Note that, where the secure container 304 is 
to be broadcasted via for example a satellite, the user 
home network management unit 357 encrypts the se- 
cure container 304 by using scramble key data K SCR or 
the like. Further, scramble key data K SCR is encrypted 
by using work key data K w , and the work key data K w 
is encrypted by using master key data 
[0937] Then, the user home network management 
unit 357 transmits scramble key data K SCR and the work 
key data K w together with the secure container 304 to 
the user home network 303 via the satellite. 
[0938] Also, for example it stores the master key data 
K M in the IC card or the like and distributes the same to 
the user home network 303 off-line. 
[0939] Also, when receiving the SP use purchase log 
data 309 concerning the content data C distributed by 
the related service provider 3 1 0 from th e user home net- 
work 303, the user home network management unit 357 
writes this into the storage unit 351 . 
[0940] The service provider 31 0 refers to the SP use 
purchase log data 309 when determining the service 
content in the future. Further, the user preference filter 
generation unit 920 analyzes the preference of the users 
of the SAMs 305 1 to 305 4 transmitting the related SP 
use purchase log data 309 based on the SP use pur- 
chase log data 309 to produce user preference filter data 
900 and transmits this via the user home network man- 
agement u nit 357 to the CA modu le 31 1 of the user home 
network 303. 

[0941] In Fig. 68, the flow of the data related to the 
communication with the EMD service center 302 in the 
service provider 310 is shown. 

[0942] Note that, as the prerequisite of performing the 



following processing, the interested party of the service 
provider 310 performs registration processing at the 
EMD service center 302 off-line by using for example its 
own ID card and a bank account for performing the set- 
5 tlement processing and acquires the global unique iden- 
tifier SP_ID. The identifier SPJD is stored in the storage 
unit 351 . 

[0943] First, an explanation will be made of the 
processing where the service provider 31 0 requests the 
10 certificate data CER SP for certifying the legitimacy of the 
public key data K SPS corresponding to its own secret 
key data K SPS at the EMD service center 302 by refer- 
ring to Fig. 54. 

[0944] The service provider 31 0 generates a random 
is number by using the true random number generator to 
produce the secret key data K SPS , produces the public 
key data K sps corresponding to'the related secret key 
data K SPS , and stores the same in the storage unit 351 . 
[0945] The identifiers SPJD and the public key data 
20 K spp of the EMD service center management unit 358 
and the service provider 31 0 are read out from the stor- 
age unit 351 . 

[0946] Then, the EMD service center management 
unit 358 transmits the identifier SPJD and the public 

25 key data K sp p to the EMD service center 302. 

[0947] Then, the EMD service center management 
unit 348 receives as its inputs the certificate data CER SP 
and the signature data SIG 61 Esc thereof from the EMD 
service center 302 in accordance with the related reg- 

30 istration and writes the same into the storage unit 351 . 
[0948] Next, an explanation will be made of the 
processing of the case where the service provider 310 
registers and authenticates the price tag data 312 in the 
EMD service center 302 by referring to Fig. 54. 

35 [0949] In this case, in the signature processing unit 
354, the hash value of a module Mod 103 shown in Fig. 
69 storing the price tag data 312 read out from the stor- 
age unit 351 and the content ID as the global unique 
identifier is found, and signature data SIG 80 SP is pro- 

40 duced by using the secret key data K SPS . 

[0950] Also, the certificate data CER SP and the sig- 
nature data S!G 61 Esc thereof are read out from the stor- 
age unit 351 . 

[0951] Then, after encrypting a price tag registration 
4 5 request use module Mod 102 shown in Fig. 69 by using 
the session key data K SES obtained by the mutual cer- 
tification between the mutual certification unit 352 and 
the EMD service center 302 in the encryption and/or de- 
cryption unit 353, it is transmitted from the EMD service 
50 center management unit 358 to the EMD service center 
302. 

[0952] Note that, it is also possible if the global unique 
identifier SPJD of the service provider 31 0 is stored in 
the module Mod 102 . 
55 [0953] Also, the EMD service center management 
unit 358 writes a settlement report data 307s received 
from the EMD service center 302 into the storage unit 
351. 
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[0954] Also, the EMD service center management 
unit 358 stores marketing information data 904 received 
from the EMD service center 302 in the storage unit 351 . 
[0955] The marketing information data 904 is used as 
a reference when the service provider 310 determines 5 
the content data C to be distributed from then on. 

[EMD service center 302] 

[0956] The EMD service center 302 functions as the 
certificate authority (CA), key management authority, 
and the rights clearing authority as mentioned before. 
[0957] Figure 70 is a view of the configuration of the 
EMD service center 302. 

[0958] As shown in Fig. 70, the EMD service center 
302 has a key server 141 , a key database 141a, a KF 
preparation unit 153, a settlement processing unit 442, 
a signature processing unit 443, a settlement manager 
management unit 144, a certificate and usage control 
policy management unit 445, a CER database 445a, a 
certificate database 445b, a content provider manage- 
ment unit 148, a CP database 148a, a SAM manage- 
ment unit 149, a SAM database 149a, a mutual certifi- 
cation unit 150, an encryption and/or decryption unit 
151 , a service provider management unit 390, an SP 
database 390a, a content ID preparation unit 851 , a user 
preference filter generation unit 901, and a marketing 
information data generation unit 902. 
[0959] In Fig. 70, the functional blocks given the same 
reference numerals as those of Fig. 23 and Fig. 24 have 
substantially the same functions as those of the func- 
tional blocks having the same reference numerals ex- 
plained in the first embodiment. 

[0960] Below, an explanation will be made of the func- 
tional blocks given the new reference numerals in Fig. 
70. 

[0961] Notethat, in Fig. 70, theflowofthe data related 
to the data transmitted and received between the EMD 
service center 302 and the service provider 310 in the 
flow of the data among the functional blocks in the EMD 
service center 302 is shown. 

[0962] Further, in Fig. 71 , the flow of the data related 
to the data transmitted and received between the EMD 
service center 302 and the content provider 301 in the 
flow of the data among the functional blocks in the EMD 
service center 302 is shown. 

[0963] Further, in Fig. 72, the flow of the data related 
to the data transmitted and received between the EMD 
service center 302 and the SAMs 305! to 305 4 shown 
in Fig. 59 and the settlement manager 91 in the flow of 
the data among the functional blocks in the EMD service 
center 302 is shown. 

[0964] The settlement processing unit 442 performs 
the settlement processing based on the usage log data 
308 input from thes SAMs 305! to 305 4 and the sug- 
gested retailer's price data SPR and the price tag data 
312 input from the certificate and usage control policy 
management unit 445 as shown in Fig. 72. Note that, at 



this time, the settlement processing unit 442 monitors 
the existence of dumping etc. by the service provider 
310. 

[0965] The settlement processing unit 442 produces 
settlement report data 307c and settlement claim data 
152c for the content provider 301 as shown in Fig. 72 
by the settlement processing and outputs them to the 
content provider management unit 148 and the settle- 
ment manager management unit 144. 
[0966] Also, by the settlement processing, as shown 
in Fig. 70 and Fig. 72, the settlement report data 307s 
and settlement claim data 1 52s for the service provider 
31 0 are produced and are output to the service provider 
management unit 390 and the settlement manager 
management unit 144. 

[0967] Here, the settlement claim data 1 52c and 1 52s 
are authenticated data enabling claim of payment of 
money to the settlement manager 91 based on the re- 
lated data. 

[0968] Here, the usage log data 308 is used when de- 
termining the payment of the license fee related to the 
secure container 304 in the same way as the usage log 
data 1 08 explained in the first embodiment. In the usage 
log data 308, for example, as shown in Fig. 73, the iden- 
tifier of the content data C stored in the secure container 
304, that is, the content ID, the identifier CP_ID of the 
content provider 301 providing the content data C stored 
in the secure container 304, the identifier SP_ID of the 
service provider 310 distributing the secure container 
304, signal parameter data of the content data C, the 
compression method of the content data C in the secure 
container 304, the identifier Media_ID of the storage me- 
dium storing the secure container 304, the identifiers 
SAM JD of the SAMs 305 1 to 305 4 receiving the distri- 
bution of the secure container 304, the USER_IDs of the 
users of the related SAMs 105 1 to 105 4 , etc. are de- 
scribed. Accordingly, in a case where the money paid 
by the user of the user home network 303 must be dis- 
tributed to the license owners of for example the com- 
pression method and the storage medium other than the 
owners of the content provider 301 and the service pro- 
vider 310, the EMD service center 302 determines the 
sum of money to be paid to the other parties based on 
the distribution rate table determined in advance and 
produces the settlement report data and settlement 
claim data in accordance with the related determination. 
[0969] The certificate and usage control policy man- 
agement unit 445 reads out the certificate data CER CP , 
certificate data CER SP , the certificate data CER SAM1 to 
CER SAM2 . etc. registered and authenticated in the cer- 
tificate database 445b and, at the same time, registers 
and authenticates the usage control policy data 1 06 and 
content key data Kc of the content provider 301, the 
price tag data 31 2 of the service provider 31 0, etc. in the 
CER database 445a. 

[0970] At this time, the certificate and usage control 
policy management unit 445 obtains the hash values of 
the usage control policy data 106, content key data Kc, 
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the price tag data 31 2, etc., attaches the signature data 
using the secret key data K ESC s , and produces the au- 
thenticated certificate data. 

[0971] The content provider management unit 148 
has a function of communicating with the content pro- 
vider 101 and can access the CP database 148a for 
managing the registered identifier CPJD etc. of the con- 
tent provider 101 . 

[0972] The user preference filter generation unit 901 
produces user preference filter data 903 for selecting 
the content data C in accordance with the preference of 
the users of the SAMs 305 1 to 305 4 transmitting the re- 
lated usage log data 308 based on the usage log data 
308 and transmits the user preference filter data 903 to 
the SAMs 305 1 to 305 4 transmitting the related usage 
log data 308 via the SAM management unit 149. 
[0973] The marketing information data generation 
unit 902 produces the marketing information data 904 
indicating the purchase situation etc. of the whole con- 
tent data C distributed to the user home network 1 03 by 
for example a plurality of service providers 310 based 
on the usage log data 308 and transmits this via the 
service provider management unit 390 to the service 
provider 310. The service provider 310 determines the 
content of the service to be provided from then on with 
reference to the marketing information data 904. 
[0974] Below, an explanation will be made of the flow 
of the processing in the EMD service center 302. 
[0975] The distribution use key data KD 1 to KD 3 are 
transmitted from the EMD service center 302 to the 
SAMs 305 1 to 305 4 in the same way as the case of the 
first embodiment. 

[0976] Also, the processing in the case where the 
EMD service center 302 receives the issuance request 
of the certificate data from the content provider 301 is 
the same as the first embodiment except for the point 
that the certificate and usage control policy manage- 
ment unit 445 accesses the certificate database 445b. 
Further, the processing of registering the usage control 
policy data 1 06 etc. is similar to the case of the first em- 
bodiment mentioned above except for the point that the 
certificate and usage control policy management unit 
445 stores the related data in the CER database 445a. 
[0977] Next, an explanation will be made of the 
processing in the case where the EMD service center 
302 receives the issuance request of the certificate data 
from the service provider 310 by referring to Fig. 70. 
[0978] In this case, when receiving the identifier 
SP_ID, public key data K SPP , and signature data 
stG 70,sp of tne service provider 31 0 given by the EMD 
service center 302 in advance from the service provider 
310, the service provider management unit 390 de- 
crypts them by using the session key data K SES ob- 
tained by the mutual certification between the mutual 
certification unit 1 50 and the mutual certification unit 352 
shown in Fig. 63. 

[0979] Then, after confirming the legitimacy of the re- 
lated decrypted signature data SIG 70 SP at the signature 



processing unit 443, it is confirmed whether or not the 
service provider 31 0 issuing the issuance request of the 
related certificate data is registered in the SP database 
390a based on the identifier SP JD and the public key. 

5 data K sp p . 

[0980] Then, the certificate and usage control policy 
management unit 445 reads out the certificate data 
CEFt SP of the related service provider 31 0 from the cer- 
tificate database 445b and outputs the same to the serv- 

10 ice provider management unit 390. 

[0981] Also, the signature processing unit 443 obtains 
the hash value of the certificate data CER SP , produces 
the signature data SIG 61 ESC by using the secret key da- 
te k esc,s of tne EMD service center 302, and outputs 

15 this to the service provider management unit 390. 

[0982] Then, the service provider management unit 
390 encrypts the certificate data CER SP and the signa- 
ture data SIG 61 ESC thereof by using the session key da- 
te k ses obtained by the mutual certification between the 

20 mutual certification unit 1 50 and the mutual certification 
unit 352 shown in Fig. 63 and then transmits the same 
to the service provider 310. 

[0983] Note that, the processing where the EMD serv- 
ice center 302 receives the issuance request of the cer- 
25 tificate data from the SAMs 1 05-, to 1 05 4 is similarto the 
first embodiment. 

[0984] Further also the processing where the EMD 
service center 302 receives the registration request of 
the usage control policy data 106 and the content key 
30 data Kc from the content provider 301 is similar to that 
of the first embodiment. 

[0985] Further, also the processing of preparing the 
key file KF in accordance with the registration use mod- 
ule Mod 2 received from the content provider 301 by the 
35 EMD service center 302 and transmitting the same to 
the content provider 301 is similar to the first embodi- 
ment. 

[0986] Next, an explanation will be made of the 
processing where the EMD service center 302 receives 

40 the registration request of the price tag data 312 from 
the service provider 310 by referring to Fig. 70. 
[0987] In this case, when the service provider man- 
agement unit 390 receives the price tag registration re- 
quest module Mod 102 shown in Fig. 69 from the service 

45 provider 310, it decrypts the price tag registration re- 
quest module Mod 102 by using the session key data 
k ses obtained by the mutual certification between the 
mutual certification unit 150 and the mutual certification 
unit 352 shown in Fig. 63. 

so [0988] Then, after confirming the legitimacy of the sig- 
nature data SIG 80 SP stored in the related decrypted 
price tag registration request module Mod 102 in the sig- 
nature processing unit 443, the price tag data 31 2 stored 
in the price tag registration request module Mod 102 is 

55 registered and authenticated in the CER database 445a 
via the certificate and usage control policy management 
unit 445. 

[0989] Next, an explanation will be made of the 
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processing where the settlement is carried out in the 
EMD service center 302 by referring to Fig. 72. 
[0990] When receiving as its inputs the usage log data 
308 and signature data SIG 205 SAM1 thereof from for ex- 
ample the SAM 305 1 of the user home network 303, the 
SAM management unit 1 49 decrypts the usage log data 
308 and the signature data SIG^s.sami bv using the 
session key data K SES obtained by the mutual certifica- 
tion between the mutual certification unit 150 and the 
SAMs 305., to 305 4 , verifies the signature data 
^'^205,sami by usin 9 tne public key data K SAM1 P of the 
SAM 305.,, and then outputs the same to the settlement 
processing unit 442. 

[0991] Then, the settlement processing unit 442 per- 
forms the settlement processing based on the usage log 
data 308 input from the SAM 305 1 and the suggested 
retailer's price data SRP and the price tag data 312 input 
from the certificate and usage control policy manage- 
ment unit 445. 

[0992] The settlement processing unit 442 produces 
settlement report data 307c and settlement claim data 
152c for the content provider 301 and outputs them to 
the content provider management unit 1 48 and the set- 
tlement manager management unit 144 as shown in Fig. 
72. 

[0993] Also, by the settlement processing, as shown 
in Fig. 70 and Fig. 72, the settlement report data 307s 
and the settlement claim data 152s for the service pro- 
vider 310 are produced and are output to the service 
provider management unit 390 and the settlement man- 
ager management unit 144. 

[0994] Next, the settlement manager management 
unit 144 performs the mutual certification of the settle- 
ment claim data 152c and 152s and the signature data 
produced for them by using the secret key data K ESC s 
and the decryption by the session key data K SES and 
then transmits the same to the settlement manager 91 
via the payment gateway 90 shown in Fig. 59. 
[0995] By this, the money of the sum indicated in the 
settlement claim data 1 52c is paid to the content provid- 
er 301 , and the money of the sum indicated in the set- 
tlement claim data 152s is paid to the service provider 
310. 

[0996] Next, an explanation will be made of the 
processing in the case where the EMD service center 
302 transmits the settlement report data 307c and 307s 
to the content provider 301 and the service provider 31 0. 
[0997] When settlement is carried out in the settle- 
ment processing unit 442, the settlement report data 
307c is output from the settlement processing unit 442 
to the content provider management unit 148. 
[0998] When receiving as input the settlement report 
data 307c from the settlement processing unit 442, the 
content provider management unit 148 encrypts this by 
using the session key data K SES obtained by the mutual 
certification between the mutual certification unit 150 
and the mutual certification unit 120 shown in Fig. 60 
and then transmits the same to the content provider 301 . 



[0999] Also, when the settlement is carried out in the 
settlement processing unit 442, the settlement report 
data 307s is output from the settlement processing unit 
442 to the service provider management unit 390. 

5 [1000] When receiving as input the settlement report 
data 307s from the settlement processing unit 442, the 
service provider management unit 390 encrypts this by 
using the session key data K SES obtained by the mutual 
certification between the mutual certification unit 150 

10 and the mutual certification unit 352 shown in Fig. 63 
and then transmits the same to the service provider31 0. 
[1001] The EMD service center 302 performs 
processing at the time of shipment of the SAMs 305., to 
305 4 and the registration processing of the SAM regis- 

15 tration list in the same way as the EMD service center 
102 of the first embodiment other than the above. 

[User home network 303] 

20 [1002] The user home network 303 has the network 
apparatus 360 1 and the A/V apparatuses 360 2 to 360 4 
as shown in Fig. 59. 

[1 003] The network apparatus 360 1 includes the built- 
in CA module 311 and the SAM 305 v Further, the AA/ 
25 apparatuses 360 2 to 360 4 include the built-in SAMs 305 2 
to 305 4 . 

[1 004] The SAMs 305 2 to 305 4 are connected to each 
other via a bus 191, for example, an IEEE serial inter- 
face bus. 

30 [1 005] Note that, it is possible if the AV apparatuses 
360 2 to 360 4 have a network communication function or 
do not have the network communication function, but 
utilize the network communication function of the net- 
work apparatus 360., via the bus 191 . 

35 [1006] Also, it is also possible if the user home net- 
work 303 has only AV apparatuses not having network 
functions. 

[1 007] Below, an explanation will be made of the net- 
work apparatus 360 1 . 
40 [1008] Figure 74 is a view of the configuration of the 
network apparatus 360 1 . 

[1009] As shown in Fig. 74, the network apparatus 
360 1 has acommunication module 1 62, CA module 31 1 , 
decryption module 905, SAM 305^ decryption and/or 

45 expansion module 1 63 : purchase and/or usage form de- 
termination operation unit 165, download memory 167, 
reproduction module 169, and external memory 201 . 
[1010] In Fig. 74, components given the same refer- 
ence numerals as those of Fig. 25 are the same as the 

50 components of the same reference numerals explained 
in the first embodiment. 

[1 01 1 ] The communication module 1 62 performs the 
communication processing with the service provider 
310. 

55 [1012] Concretely, the communication module 162 
outputs the secure container 304 received from the 
service provider 310 by a satellite broadcast or the like 
to the decryption module 905. Also, the communication 
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module 162 outputs user preference filter data 900 re- 
ceived via a telephone line or the like at the service pro- 
vider 310 to the CA module 311 and, at the same time, 
transmits SP use purchase log data 309 input from the 
CA module 311 to the service provider 31 0 via the tele- 
phone line or the like. 

[1013] Figure 75 is a functional block diagram of the 
CA module 311 and the decryption module 905. 
[1014] As shown in Fig. 75, the CA module 311 has a 
mutual certification unit 906, a storage unit 907, an en- 
cryption and/or decryption unit 908 and an SP use pur- 
chase log data generation unit 909. 
[1015] When transmitting and receiving the data be- 
tween the CA module 31 1 and the service provider 3 1 0 
via the telephone line, the mutual certification unit 906 
performs the mutual certification with the service provid- 
ers! 0 to produce the session key data K SES and outputs 
this to the encryption and/or decryption unit 908. 
[1 01 6] The storage unit 907 stores the master key da- 
ta K M supplied from the service provider 31 0 off-line by 
using an IC card 91 2 etc. after for example a contract is 
established between the service provider 310 and the 
user. 

[1017] The encryption and/or decryption unit 908 re- 
ceives as its inputs the encrypted scramble key data 
k scr and work ke Y data K w from a decryption unit 91 0 
of the decryption module 905 and decrypts the work key 
data K w by using the master key data K M read out from 
the storage unit 907. Then, the encryption and/or de- 
cryption unit 908 decrypts the scramble key data K SCR 
by using the related decrypted work key data K w and 
outputs the related decrypted scramble key data K SCR 
to the decryption unit 910. 

[1018] Also, the encryption and/or decryption unit 908 
decrypts the user preference filter data 900 received by 
the communication module 1 62 from the service provid- 
er 31 0 via the telephone line or the like by using the ses- 
sion key data K SES from the mutual certification unit 906 
and outputs the same to a secure container selection 
unit 911 of the decryption module 905. 
[1 01 9] Also, the encryption and/or decryption unit 908 
decrypts the SP use purchase log data 309 input from 
the SP use purchase log data generation unit 909 by 
using the session key data K SES from the mutual certi- 
fication u nit 906 and transmits the same via the commu- 
nication module 162 to the service provider 310. 
[1020] The SP use purchase log data generation unit 
909 produces the SP use purchase log data 309 indi- 
cating the purchase log of the content data C inherent 
in the service provider 31 0 based on the operation signal 
S1 65 in accordance with the purchase operation of the 
content data C by the user by using the purchase and/ 
or usage form determination operation unit 165 shown 
in Fig. 74, or the usage control status data 1 66 from the 
SAM 305 1 and outputs this to the encryption and/or de- 
cryption unit 908. 

[1021] The SP use purchase log data 309 includes for 
example the information to be collected from the user 



concerning the distribution service by the service pro- 
vider 310, the monthly base fee (network rent), contract 
(update) information, and the purchase log information. 
[1022] Note that, the CA module 311 communicates 

5 with a charge database, a customer management data- 
base, and a marketing information database of the serv- 
ice provider 31 0 when the service provider 31 0 has the 
charge function. In this case, the CA module 311 trans- 
mits the charge data for the distribution service of the 

10 content data to the service provider 31 0. 

[1023] The decryption module 905 has a decryption 
unit 910 and a secure container selection unit 911 . 
[1024] The decryption unit 910 receives as its inputs 
the encrypted secure container 304, scramble key data 

15 k scr> and tne work key data K w from the communica- 
tion module 162. 

[1025] Then, the decryption unit 910 outputs the en- 
crypted scramble key data K SCR and work key data K w 
to the encryption and/or decryption unit 908 of the CA 
20 module 311 and receives as its input the decrypted 
scramble key data K SCR from the encryption and/or de- 
cryption unit 908. 

[1026] Then, the decryption unit 910 decrypts the en- 
crypted secure container 304 by using the scramble key 
25 data K SCR and then outputs the same to the secure con- 
tainer selection unit 911 . 

[1027] Note that, where the secure container 304 is 
transmitted from the service provider 31 0 by an MPEG2 
Transport Stream method, for example, the decryption 
30 unit 910 extracts the scramble key data K SCR from an 
ECM (Entitlement Control Message) in aTS Packet and 
extracts the work key data K w from an EMM (Entitle- 
ment Management Message). 

[1028] In the ECM, other than the above, for example, 
35 program attribute information for every channel are con- 
tained. Further, in the EMM, other than this, individual 
demo contract information different for every user (lis- 
tener) etc. are contained. 

[1029] The secure container selection unit 911 filters 
40 the secure containers 304 input from the decryption unit 
910 by using the user preference filter data 900 input 
from the CA module 311 , selects the secure container 
304 in accordance with the preference of the user, and 
outputs the same to the SAM 305 v 
45 [1030] Next, an explanation will be made of the SAM 
305.,. 

[1031] Note that, the SAM 305-, has basically the 
same function and structure as the SAM 105 1 of the first 
embodiment mentioned before by using Fig. 26 to Fig. 

50 41 except it performs the processing concerning the 
service provider 310 in addition to the content provider 
310, for example, it performs the signature verification 
processing for the service provider 310. 
[1 032] Also, the SAMs 305 2 to 305 4 basically have the 

55 same functions as that of the SAM 305 1 . 

[1033] Namely, the SAMs 305., to 305 4 are modules 
for performing charge processing in units of content and 
communicate with the EMD service center 302. 
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[1034] Below, the function of the SAM 305 1 will be ex- 
plained in detail. 

[1035] Figure 76 is a view of the configuration of the 
SAM 305 1t 

[1036] Note that, in Fig. 76, the flow of the data related 
to the processing when receiving as input the secure 
container 304 from the service provider 31 0 is shown. 
[1037] As shown in Fig. 76, the SAM 305 1 has the mu- 
tual certification unit 170, encryption and/or decryption 
units 171,1 72, and 1 73, error correction unit 1 81 : down- 
load memory management unit 182, secure container 
decryption unit 183, decryption and/or expansion mod- 
ule management unit 184, EMD service center manage- 
ment unit 185, usage monitor unit 186, signature 
processing unit 189, SAM management unit 190, stor- 
age unit 192, media SAM management unit 197, stack 
memory 200, a service provider management unit 580, 
a charge processing unit 587, a signature processing 
unit 598, and the external memory management unit 
811. 

[1038] Note that, the predetermined function of the 
SAM 305 1 shown in Fig. 76 is realized by executing a 
secret program in the CPU in the same way as the case 
of the SAM 105 v 

[1039] In Fig. 76, functional blocks given the same ref- 
erence numerals as those of Fig. 26 are the same as 
the functional blocks having the same reference numer- 
als explained in the first embodiment. 
[1040] Also, in the external memory 201 shown in Fig. 
74, after the processing explained in the first embodi- 
ment and the processing mentioned later, the usage log 
data 308 and the SAM registration list are stored. 
[1041] Also, in the stack memory 200, as shown in 
Fig. 77, the content key data Kc, usage control policy 
data (UCP) 106, lock key data K LOC of the storage unit 
1 92, certificate data CER CP of the content provider 301 , 
certificate data CER SP of the service provider 310, us- 
age control status data (UCS) 366, SAM program down- 
load containers SDC 1 to SFDC 3 , the price tag data 312, 
etc. are stored. 

[1 042] Below, an explanation will be made of the func- 
tional blocks newly given reference numerals in Fig. 76 
among the functional blocks of the SAM 305-,. 
[1043] The signature processing unit 589 verifies the 
signature data in the secure container 304 by using the 
public key data Ke$ c p of the EMD service center 302, 
public key data Kq P p of the content provider 301 , and 
the public key data K SPP of the service provider 310 
read out from the storage unit 1 92 or the stack memory 
200. 

[1044] The charge processing unit 587 performs the 
charge processing in accordance with the purchase 
and/or usage form of the content by the user based on 
the operation signal S1 65 from the purchase and/or us- 
age form determination operation unit 1 65 shown in Fig. 
74 and the price tag data 312 read out from the stack 
memory 200 as shown in Fig. 78. 
[1 045] The charge processing by the charge process- 



ing unit 587 is carried out based on the rights contents 
such as the usage permission condition indicated by the 
usage control policy data 1 06 and the usage control sta- 
tus data 1 66 under the monitoring of the usage monitor 
5 unit 186. Namely, the user can purchase and use the 
content within the range according to the related rights 
content etc. 

[1 046] Also, the charge processing unit 587 produces 
the usage log data 308 in the charge processing and 
10 writes this into the external memory 201 via the external 
memory management unit 811 . 

[1 047] Here, the usage log data 308 is used when de- 
termining the payment of the license fee related to the 
secure container 304 in the EMD service center 302 in 
15 the same way as the usage log data 1 08 of the first em- 
bodiment. 

[1 048] Also, the charge processing unit 587 produces 
the usage control status (UCS) data 166 describing the 
purchase and/or usage form of the content by the user 
20 based on the operation signal S1 65 and writes this into 
the stack memory 200. 

[1 049] As the purchase form of the content, there are 
for example outright purchase without restriction as to 
the reproduction by the purchaser or copying for use of 

25 the related purchaser and a reproduction charge for 
charging whenever the content is reproduced. 
[1 050] Here, the usage control status data 1 66 is pro- 
duced when the user determines the purchase form of 
the content and used for control so that the user will use 

30 the related content within the range permitted by the re- 
lated determined purchase form from then on. In the us- 
age control status data 166, the ID of the content, pur- 
chase form, outright purchase price, SAMJD of the 
SAM for which the related content was purchased, the 

55 USERJD of the user purchasing the content, etc. are 
described. 

[1051] Note that, where the determined purchase 
form is a reproduction charge, for example, the usage 
control status data 1 66 is transmitted from the SAM 305 1 

40 to the service provider 31 0 in real-time, and the service 
provider 310 instructs the EMD service center 302 to 
take the usage log data 308 from the SAM 105^ 
[1052] Also, where the determined purchase form is 
outright purchase, for example, the usage control status 

45 data 1 66 is transmitted to the service provider 31 0 and 
the EMD service center 302 in real-time. 
[1 053] Also, in the SAM 305^ as shown in Fig. 76, the 
user preference filter data 903 received via the EMD 
service center management unit 185 from the EMD 

so service center 302 is output to the service provider man- 
agement unit 580. Then, in the service provider man- 
agement unit 580, among the secure containers 304 in- 
put from the decryption module 905 shown in Fig. 74, 
the secure container 304 filtered based on the user pref- 

55 erence filter data 903 and thus responding to the pref- 
erence of the user is selected, and the related selected 
secure container 304 is output to the error correction unit 
181 . By this, in the SAM 305 1t the selection processing 
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of the content data C based on the preference of the 
related user obtained from the purchase situation of the 
content data C by the related user becomes possible for 
all service providers 310 contracting with the user of the 
related SAM 305^ 

[1054] Below, the flow of the processing in the SAM 
305 1 will be explained. 

[1055] The flow of the processing when storing the 
distribution use key data KD 1 to KD 3 received from the 
EMD service center 302 in the storage unit 1 92 is similar 
to that of the case of the SAM 105 1 mentioned before. 
[1056] Next, an explanation will be made of the flow 
of the processing in the SAM 305 1 when receiving as 
input the secure container 304 from the service provider 
310 by referring to Fig. 76. 

[1057] Mutual certification is carried out between the 
mutual certification unit 1 70 and the mutual certification 
unit 352 of the service provider 310 shown in Fig. 63. 
[1058] The encryption and/or decryption unit 171 de- 
crypts the secure container 304 shown in Fig. 65 re- 
ceived from the service provider 31 0 via the service pro- 
vider management unit 580 by using the session key 
data K SES obtained by the related mutual certification. 
[1 059] Next, the signature processing unit 589 verifies 
the signature data SIG 61 Esc and SIG-, ESC shown in Fig. 
65D, and then verifies the legitimacy of the signature 
data SIG 6 CP , SIG 62SP , SIG 7CP , SIG 63 SP , and SIG^p 
by using the public key data K spp and H^pp stored in 
the certificate data CER SP and CER CP . 
[1060] Here, by verifying the signature data SIG 6 cp 
and SIG 62iS p f the legitimacy of the producer and trans- 
mitter of the content file CF is confirmed, by verifying the 
signature data SIG 7CP and SIG 63SP , the legitimacy of 
the transmitter of the key file KF is confirmed, and by 
verifying the signature data SIG^sp, the legitimacy of 
the producer and the transmitter of the price tag data 
312 is confirmed. 

[1061] Also, by verifying the legitimacy of the signa- 
ture data SIG K1 Esc stored in the key file KF shown in 
Fig. 65B by using the public key data K ESC p read out 
from the storage unit 1 92, the signature processing unit 
589 verifies the legitimacy of the producer of the key file 
KF and whether or not the key file KF is registered in the 
EMD service center 302. 

[1062] When the legitimacy of all signature data men- 
tioned above is confirmed in the signature processing 
unit 589 ; the service provider management unit 580 out- 
puts the secure container 304 to the error correction unit 
181. 

[1063] The error correction unit 1 81 corrects the error 
of the secure container 304 and then outputs the same 
to the download memory management unit 182. 
[1064] The download memory management unit 1 82 
performs the mutual certification between the mutual 
certification unit 170 and the media SAM 167a shown 
in Fig. 74 and then writes the secure container 304 into 
the download memory 167. 

[1065] Next, the download memory management unit 



182 performs the mutual certification between the mu- 
tual certification unit 170 and the media SAM 167a 
shown in Fig. 74 and then reads out the key file KF 
shown in Fig. 65B stored in the secure container 304 

5 from the download memory 167 and outputs the same 
to the secure container decryption unit 1 83. 
[1066] Then, in the secure container decryption unit 
1 83, by using the distribution use data KD^ to KD 3 of the 
corresponding period input from the storage unit 192, 

10 the content key data Kc, usage control policy data 1 06, 
and the SAM program download containers SDC^ to 
SDC 3 stored in the key file KF shown in Fig. 65B are 
decrypted. 

[1067] Then, the decrypted content key data Kc, us- 
'5 age control policy data 106, and the SAM program 
download containers SDC 1 to SDC 3 are written into the 
stack memory 200. 

[1 068] Below, an explanation will be made of the flow 
of the processing until the purchase form of the secure 
20 container 304 downloaded on the download memory 
167 from the service provider 31 0 is determined by re- 
ferring to Fig. 78 and Fig. 79. 

[1 069] Figure 79 is a flowchart for explaining the pur- 
chase form determination processing of the secure con- 
25 tainer304. 

<Step E1> 

[1070] Where the operation signal S1 65 indicating the 
30 demo mode is output to the charge processing unit 587 
by the operation of the purchase and/or usage form de- 
termination operation unit 165 shown in Fig. 74 by the 
user, the processing of step E2 is carried out. In other 
cases, the processing of step E3 is carried out. 

35 

<Step E2> 

[1071] This is carried out where the operation signal 
S1 65 indicating the demo mode is output to the charge 

40 processing unit 587, and for example the content file CF 
stored in the download memory 167 is output via the 
decryption and/or expansion module management unit 
184 to the decryption and/or expansion module 163 
shown in Fig. 74. 

4 5 [1 072] At this time, with respect to the content file CF, 
the mutual certification between the mutual certification 
unit 170 and the media SAM 167a and the encryption 
and/or decryption by the session key data K SES and the 
mutual certification between the mutual certification unit 

50 1 70 and the mutual certification unit 220 and the encryp- 
tion and/or decryption by the session key data K SES are 
carried out. 

[1 073] The content file CF is decrypted in the decryp- 
tion unit 221 shown in Fig. 74 by using the session key 
55 data K SES and then output to the decryption unit 222. 
[1074] Also, the content key data Kc and the half dis- 
closure parameter data 199 read out from the stack 
memory 200 are output to the decryption and/or expan- 
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sion module 1 63 shown in Fig. 74. At this time, after the 
mutual certification between the mutual certification unit 
1 70 and the mutual certification unit 220, the encryption 
and decryption by the session key data K SES are carried 
out with respect to the content key data Kc and the half 5 
disclosure parameter data 199. 

[1075] Next, the decrypted half disclosure parameter 
data 1 99 is output to the half disclosure processing unit 
225, and under the control from the half disclosure 
processing unit 225, the decryption of the content data 
C using the content key data Kc by the decryption unit 
222 is carried out in a half disclosure mode. 
[1076] Next, the content data C decrypted in the half 
disclosure mode is expanded at the expansion unit 223 
and then output to the electronic watermark information 
processing unit 224. 

[1 077] Next, the user watermark use data 1 96 is bur- 
ied in the content data C in the electronic watermark in- 
formation processing unit 224, then the content data C 
is reproduced at the reproduction module 169, and 
sound in accordance with the content data C is output. 

<Step E3> 

[1078] When the user determines the purchase form 
by operating the purchase and/or usage form determi- 
nation operation unit 1 65, the operation signal S1 65 in- 
dicating the related determined purchase form is output 
to the charge processing unit 1 87. 

<Step E4> 

[1079] In the charge processing unit 187, the usage 
log data 308 and the usage control status data 166 in 
accordance with the determined purchase form are pro- 
duced, the usage log data 308 is written into the external 
memory 201 via the external memory management unit 
81 1 , and the usage control status data 1 66 is written into 
the stack memory 200. 

[1080] Thereafter, in the usage monitor unit 186, con- 
trol (monitor) is carried out so that the content is pur- 
chased and used within the range permitted by the us- 
age control status data 166. 

[1081] Then, by using the key file KF and the usage 
control status data 1 66 stored in the stack memory 200, 
a new key file KF 1 with the purchase form determined 
therefor shown in Fig. 81 C is produced, and the related 
produced key file KF 1 is stored in the stack memory 200. 
[1082] As shown in Fig. 81 C, the usage control status 
data 1 66 stored in the key file KF 1 has been sequentially 
encrypted by utilizing the CBC mode of the DES by us- 
ing the storage key data K STR and the media key data 
k med- 

[1083] Here, the storage use key data K STR is data 
determined in accordance with the type of apparatus, 
for example, an SACD (Super Audio Compact Disc), 
DVD (Digital Versatile Disc) apparatus, CD-R appara- 
tus, and MD (Mini Disc) apparatus, and used for estab- 



lishing one-to-one correspondence between the types 
of the apparatuses and the types of the storage medium . 
Also., the media key data K MED is data unique to the stor- 
age medium. 

[1 084] Also, in the signature processing unit 589, the 
hash value H K1 of the key file KF 1 is produced by using 
the secret key data K SAM1 s of the SAM 305^ and the 
related produced hash value H K1 is stored in the stack 
memory 200 in correspondence to the key file KF V 

<Step E5> 

[1085] The usage control status data 1 66 is transmit- 
ted from the SAM 305 1 to the EMD service center 302. 
The related usage control status data 1 66 is transmitted 
whenever the purchase form of the content data is de- 
termined in the SAM 305. 

[1 086] Note that, the usage log data 308 is transmitted 
from the SAM 305 1 to the EMD service center 302 at 
predetermined time intervals of for example one month. 
[1087] Next, an explanation will be made of the flow 
of the processing in the case where the content data C 
for which the purchase form is already determined 
stored in the download memory 167 is reproduced by 
referring to Fig. 78. 

[1088] In this case, under the monitoring by the usage 
monitor unit 186, based on the operation signal S165, 
the content file CF stored in the download memory 1 67 
is output to the decryption and/or expansion module 1 63 
shown in Fig. 74. 

[1 089] Also, the content key data Kc read out from the 
stack memory 200 is output to the decryption and/or ex- 
pansion module 163. 

[1 090] Then, in the decryption unit 222 of She decryp- 
tion and/or expansion module 1 63, the decryption of the 
content file CF using the content key data Kc and the 
expansion processing by the expansion unit 223 are 
carried out, and the content data C is reproduced in the 
reproduction module 169. 

[1 091 ] At this time, in the charge processing unit 587, 
the usage log data 308 stored in the external memory 
201 is updated in response to the operation signal S1 65. 
[1 092] The usage log data 308 is transmitted together 
with the signature data SIG205SANM produced by using 
the secret key data K SAM1 s via the EMD service center 
management unit 1 85 to the EMD service center 302 at 
a predetermined timing. 

[1093] Next, as shown in Fig. 80, an explanation will 
be made of the flow of the processing in the SAM 305., 
in the case where, for example, the secure container 
304x shown in Fig. 81 for which the purchase form has 
been already determined and downloaded on the down- 
load memory 167 of the network apparatus 360 1 is 
transferred via the bus 191 to the SAM 305 1 of the AV 
apparatus 360 2 by referring to Fig. 82. 
[1 094] The user operates the purchase and/or usage 
form determination operation unit 165 to instruct to 
transfer the predetermined content stored in the down- 
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load memory 1 67 to the AV apparatus 360 2 . The oper- 
ation signal S165 in accordance with the related opera- 
tion is output to the charge processing unit 587. 
[1095] By this, the charge processing unit 587 up- 
dates the usage log data 308 stored in the stack memory 
200 based on the operation signal S165. 
[1096] Also, the download memory management unit 
182 outputs the content files CF and key files KF and 
KF 1 shown in Figs. 81 A, 81Band81C readout from the 
download memory 1 67 to the signature processing unit 
589 and the SAM management unit 190. 
[1097] Then, the signature processing unit 589 pro- 
duces the signature data SIG 41 SAM1 and SIG 42 SAM1 of 
the contentf iles CF and the key files KF and , at the same 
time, produces the hash value H K1 of the key file KF 1} 
and outputs them to the SAM management unit 190. 
[1 098] Also, the SAM management unit 1 90 reads out 
the price tag data 312 and the signature data SIG 64SP 
thereof and the certificate data CER CP and the signature 
data SIG 1ESC thereof shown in Figs. 81 D and 81 E from 
the stack memory 200. 

[1 099] Also, the SAM management unit 1 90 reads out 
the certificate data CER SAM1 and the signature data 
SIG 22,esc thereof shown in Fig. 81 E from the storage 
unit 192. 

[1 1 00] Next, the SAM management unit 1 90 produces 
the secure container 304x shown in Fig. 81 . 
[1101] Also, the mutual certification unit 170 outputs 
the session key data K SES obtained by mutual certifica- 
tion with the SAM 305 2 to the encryption and/or decryp- 
tion unit 171. 

[1102] The SAM management unit 190 encrypts the 
secure container 304x shown in Fig. 81 in the encryption 
and/or decryption unit 1 71 by using the session key data 
K SES and then outputs the same to the SAM 305 2 of the 
AV apparatus 360 2 shown in Fig. 82. 
[1103] Below, as shown in Fig. 80 ; an explanation will 
be made of the flow of the processing in the SAM 305 2 
when writing the secure container 304x input from the 
SAM 305 1 into a storage medium such as a RAM by 
referring to Fig. 83. 

[1104] In this case, the SAM management unit 190 of 
the SAM 305 2 receives as input the secure container 
304x shown in Fig. 81 from the SAM 305! of the network 
apparatus 360! as shown in Fig. 83. 
[1105] Then, the mutual certification between the mu- 
tual certification unit 170 of the SAM 305! and the mu- 
tual certification unit 1 70 of the SAM 305 2 is carried out, 
and the signature processing unit 589 decrypts the se- 
cure container 304x by using the session key data K SES 
obtained by the related mutual certification. 
[1106] Next, in the signature processing unit 589, by 
using the public key data K ESC p read out from the stor- 
age unit 192, the legitimacy of the signature data 

s,G 6i,esc> sig i,esc> and s,G 22,esc shown in Fig. 81 E 
is verified. 

[1107] Then, when the legitimacy of the signature da- 
ta SIG 61 ESC , SIG., Esc , and SIG 22 ESC is confirmed, in 



the signature processing unit 589, by using the public 
key data K SPP , K CPP , and K SAM1 p contained in the cer- 
tificate data CER SP , CER CP , and CER SAM1 , the legiti- 
macy of the signature data SIG 6CP , SIG 62SP , 

5 SIG 41 ,SAM1 . SIG 7,CP> SIG 63,SP> S,G 42,SAM> and SIG^ SP 

shown in Figs. 81 A to 81 D and the hash value H K1 is 
verified. 

[1108] Then, when the legitimacy of these signature 
data is confirmed, the key files KF and KF 1 and the price 
10 tag data 312 are stored in the stack memory 200. 

[1 1 09] Also, the content f ile CF is output from the SAM 
management unit 190 to the storage module manage- 
ment unit 855. 

[1110] Then, the content key data Kc and the usage 
*5 control status data 1 66 stored in the key file KF! shown 
in Fig. 81 C are read out from the stack memory 200 to 
the encryption and/or decryption unit 173, and in the en- 
cryption and/or decryption unit 173, sequentially en- 
crypted by using the storage use key distribution use 
20 data KD STR) media key data K MED , and the purchaser 
key data K P)N read out from the storage unit 192 and 
then output to the storage module management unit 
855. 

[1111] Also, the key file KF read out from the stack 
25 memory 200 is output to the storage module manage- 
ment unit 855. 

[1112] Then, after the mutual certification between 
the mutual certification unit 1 70 and the media SAM 1 33 
of the RAM type storage medium 130 4 , the content file 
30 CF is stored in the unsecure RAM region 134 of the RAM 
type storage medium 1 30 4 , and the key files KF and KF! 
and the price tag data 312 are written into the secure 
RAM region 132. 

[1113] Note that, it is also possible to store the key 

35 files KF and KF! and the price tag data 31 2 in the media 
SAM 133 of the RAM type storage medium 130 4 . 
[1114] Note that, among the processing in the SAM 
305! , tne flow of the processing in the AV apparatus 
360 2 when determining the purchase form of the ROM 

^o type storage medium with the purchase form of the con- 
tent still undetermined and the flow of the processing 
when reading the secure container 304 from the ROM 
type storage medium with the purchase form still unde- 
termined in the AV apparatus 360 3 , transferring this to 

45 the AV apparatus 360 2 , and writing the same into the 
RAM type storage medium are the same as the case of 
the SAM 105! of tne first embodiment except for the 
point that the signature data is verified using the secret 
key data of the service provider 310 and for the point 

50 that the price tag data 312 is stored in the key file with 
the purchase form determined. 

[1115] Next, an explanation will be made of the overall 
operation of the EMD system 300 shown in Fig. 59. 
[1116] Figure 84 and Fig. 85 are flowcharts of the 
55 overall operation of the EMD system 300. 

[1117] Here, an explanation will be made by exempli- 
fying the case where the secure container 304 is trans- 
mitted from the service provider 310 to the user home 
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network 303 on-line. 

[1118] Note that, as the prerequisite of the following 
processing, it is assumed that the registration of the con- 
tent provider 301 , service provider 31 0, and SAMs 305! 
to305 4 tothe EMD service center 302 has been already 5 
finished. 

[1119] Step S21 : The EMD service center 302 trans- 
mits the certificate CER CP of the public key data Kq PP 
of the content provider 30 1 together with the its own sig- 
nature data SIG., ESC to the content provider 301 . 
[1120] Also.the EMD service center 302 transmits the 
certificate CER SP of the public key data K SP P of the con- 
tent provider 301 together with its own signature data 
SIG 61 Esc to the service provider 310. 
[1121] Also, the EMD service center 302 transmits 
three months' worth of the distribution use key data KD^ 
to KD 3 each having the expiration date of one month to 
the SAMs 305., to 305 4 of the user home network 303. 
[1122] Step S22: After the mutual certification, the 
content provider 301 transmits the registration use mod- 
ule Mod2 shown in Fig. 18 to the EMD service center 
302. 

[1123] Then, after the predetermined signature verifi- 
cation, the EMD service center 302 registers and au- 
thenticates the usage control policy data 106 and con- 
tent key data Kc. 

[1124] Also, the EMD service center 302 produces six 
months' worth of the key files KF shown in Fig. 5B in 
accordance with the registration use module Mod 2 , and 
transmits this to the content provider 301 . 
[1125] Step S23: The content provider 301 produces 
the content file CF and the signature data SIG 6 CP there- 
of and the key file KF and the signature data SIG 7 CP 
thereof shown in Figs. 5A and 5B and provides the se- 
cure container 1 04 storing them and the certificate data 
CER CP and the signature data SIG., ESC thereof shown 
in Fig. 5C to the service provider 31 6 on-line and/or off- 
line. 

[1 1 26] Step S24: The service provider 31 0 verifies the 
signature data SIG., ES c shown in Fig. 5C and then ver- 
ifies the signature data SIG 6 cp and SIG 7 CP shown in 
Figs. 5A and 5B by using the public key data K^p 
stored in the certificate data CER CP and confirms if the 
secure container 1 04 was transmitted from a legitimate 
content provider 301 . 

[1127] Step S25: The service provider 310 produces 
the price tag data 312 and the signature data SIG 64SP 
thereof and produces the secure container 304 shown 
in Fig. 65 storing them. 

[1 1 28] Step S26: The service provider 31 0 transmits 
the price tag registration request module Mod 102 shown 
in Fig. 69 to the EMD service center 302. 
[1129] Then, the EMD service center 302 registers 
and authenticates the price tag data 312 after the pre- 
determined signature verification. 
[1130] Step S27: The service provider 310 transmits 
the secure container 304 produced at step S25 on-line 
or off-line to the decryption module 905 of the network 



apparatus 360 1 shown in Fig. 74 in response to the re- 
quest from for example the CA module 311 of the user 
home network 303. 

[1131] Step S28: The CA module 311 produces the 
SP use purchase log data 309 and transmits this to the 
service provider 310 at the predetermined timing. 
[1132] Step S29: In any of the SAMs 305-, to 305 4) 
after verifying the signature data SIG 61 ESC shown in 
Fig. 65D, the signature data SIG 62iSP , si< ^63,sp« and 
SIGg4 SP shown in Figs. 65A : 65B and 65C are verified 
by using the public key data K SPP stored in the certifi- 
cate data CER SP , and it is confirmed whether or not the 
predetermined data in the secure container 304 was 
produced and transmitted in a legitimate service provid- 
er 310. 

[1133] Step S30: After verifying the signature data 
SIG 1 Esc shown in Fig. 65D in any of the SAMs 305., to 
305 4 , the signature data SIG 6 SP and SIG 7 SP shown in 
Figs 65A, 65B and 65C are verified by using the public 
key data Kc PP stored in the certificate data CER CP) and 
it is confirmed whether or not the content file CF in the 
secure container 304 was produced in a legitimate con- 
tent provider 301 and whether or not the key file KF was 
transmitted from a legitimate content provider 301 . 
[1 134] Also, by verifying the legitimacy of the signa- 
ture data SIG K1 ESC in the key file KF shown in Fig. 65B 
by using the public key data K ESC P in any of the SAMs 
305 1 to 305 4 , it is confirmed whether or not the key file 
KF was produced by a legitimate EMD service center 
302. 

[1135] Step S31: The user operates the purchase 
and/or usage form determination operation unit 165 of 
Fig. 74 and determines the purchase and/or usage form 
of the content. 

[1 136] Step S32: Based on the operation signal S165 
produced at step S31 , in the SAMs 305 1 to 305 4 , the 
usage log data 308 of the secure container 304 is pro- 
duced. 

[1 137] The usage log data 308 and the signature data 
S'G205,sami thereof are transmitted from the SAMs 
305! to 305 4 to the EMD service center 302. 
[1138] Also, whenever the purchase form is deter- 
mined, the usage control status data 166 is transmitted 
from the SAMs 305! to 305 4 to the EMD service center 
302. 

[1 139] Step S33: The EMD service center 302 deter- 
mines (calculates) the charge content for each of the 
content provider 301 and the service provider31 0 based 
on the usage log data 308 and produces the settlement 
claim data 152c and 152s based on the result thereof. 
[1 140] Step S34: The EMD service center 302 trans- 
mits the settlement claim data 152c and 152s together 
with its own signature data to the settlement manager 
91 via the payment gateway 90. By this, the money paid 
by the user of the user home network 303 to the settle- 
ment manager 91 is distributed to the owners of the con- 
tent provider 301 and the service provider 31 0. 
[1141] As explained above, in the EMD system 300, 
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the secure container 104 of the format shown in Fig. 5 
is distributed from the content provider 301 to the serv- 
ice provider 310, the secure container 304 storing the 
content file CF and key file KF in the secure container 
104 as they are is distributed from the service provider 
310 to the user home network 303, and the processing 
for the key file KF is carried out in the SAMs 305 1 to 
305 4 . 

[1 142] Also, the content key data Kc and usage con- 
trol policy data 106 stored in the key file KF have been 
encrypted by using the distribution use key data KD 1 to 
KD 3 and decrypted in only the SAMs 305 1 to 305 4 hold- 
ing the distribution use key data KD 1 to KD 3 . The SAMs 
305-, to 305 4 are modules having tamper resistance. 
The purchase form and the usage form of the content 
data C are determined based on the handling content 
of the content data C described in the usage control pol- 
icy data 106. 

[1143] Accordingly, according to the EMD system 
300, the content data C can be reliably purchased and 
used in the user home network 303 based on the content 
of the usage control policy data 106 produced by the 
interested party of the content provider 1 01 irrelevant to 
the processing in the service provider 31 0. Namely, ac- 
cording to the EMD system 300, it is possible to prevent 
the usage control policy data 106 from being managed 
by the service provider 31 0. 

[1144] For this reason, according to the EMD system 
300, even in a case where the content data C is distrib- 
uted to the user home network 303 via a plurality of serv- 
ice providers 31 0 of different affiliations : the rights clear- 
ing for the related content data C in the user home net- 
work 303 can be performed based on the common us- 
age control policy data 1 06 produced by the content pro- 
vider 301 . 

[1145] Also, in the EMD system 300, for the files and 
data in the secure containers 1 04 and 304, the signature 
data indicating the legitimacy of the producers and the 
transmitters of them are stored. Therefore, in the service 
provider 310 and the SAMs 305 1 to 305 4 , the legitimacy 
of the producers and transmitters and whether or not the 
data has been tampered with can be confirmed. As a 
result, the illegitimate usage of the content data C can 
be effectively avoided. 

[1146] Also, in the EMD system 300, by distributing 
the content data C from the service provider 31 0 to the 
user home network 103 by using the secure container 
304 in both of the cases of on-line and off-line, in both 
cases, common rights clearing of the content data C in 
the SAMs 305! to 305 4 can be performed. 
[1147] Also, in the EMD system 300, when purchas- 
ing, using, recording, and transferring the content data 
C in the network apparatus 360., and the AV apparatus- 
es 360 2 to 360 4 in the user home network 303, by always 
performing the processing based on the usage control 
policy data 106, common rights clearing rules can be 
employed. 

[1148] For example, as shown in Fig. 86, no matter 



by what technique (route) the content data C provided 
by the content provider 301 is distributed (delivered) 
from the service provider 31 0 to the user home network 
303, such as package communication, a digital broad- 

5 cast, Internet, dedicated line, digital radio, and mobile 
communication, in the SAMs of the user home networks 
303 and 303a, common rights clearing rules are em- 
ployed based on the usage control policy data 106 pro- 
duced by the content provider 301 . 

10 [1 149] Also, according to the EMD system 300, since 
the EMD service center 302 has the certificate authority 
function, key data management function, and the rights 
clearing (profit distribution) function, the money paid by 
the user accompanied with the usage of the content is 

is reliably distributed to the owners of the content provider 
301 and the EMD service center 302 according to the 
ratio determined in advance. 

[1150] Also, according to the EMD system 300, the 
usage control policy data 106 for the same content file 

20 CF supplied by the same content provider 301 is sup- 
plied as is to the SAMs 305-, to 305 4 irrelevant as to the 
service format of the service provider 310. Accordingly, 
in the SAMs 305! to 305 4 , the content file CF can be 
used according to the intention of the content provider 

25 301 based on the usage control policy data 1 06. 

[1151] Namely, according to the EMD system 300, at 
the time of a service using the content and usage of the 
content by the user, the rights and profit of the owner of 
the content provider 301 can be reliably protected by 

30 technical means without depending on an inspection or- 
ganization 725 as in the conventional case. 
[1152] Below, an explanation will be made of a con- 
crete example of the transport protocol such as the se- 
cure container employed in the EMD system 300 of the 

55 above second embodiment. 

[1 153] As shown in Fig. 87, the secure container 1 04 
produced in the content provider 301 is provided to the 
service provider 310 by using a content provider use 
transport protocol of the Internet (TCP/IP) or dedicated 

40 line (ATM cell). 

[1154] Also, the service provider 310 distributes the 
secure container 304 produced by using the secure con- 
tainer 104 to the user home network 303 by using the 
service provider use transport protocol of a digital broad- 

45 cast (XML7SMIL on MPEG-TS), Internet (XML/SMIL on 
TCP/IP), or package circulation (storage medium). 
[1155] Also, the secure container is transferred 
among SAMs in the user home networks 303 and 303a 
or between the user home network 303 and 303a by us- 

50 ing the home EC/distribution service (XML/SMIL on 
1394 serial bus . interface) or storage medium. 
[1156] Below, an example of the transport protocol 
employed in the data transfer in the routes indicated by 
reference symbols A to G will be explained in detail in 

55 Rg. 87. 

[1157] Figure 88 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer 104 etc. between the content provider 301 and 
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the service provider 310 (symbol A) shown in Fig. 87. 
[1 1 58] As shown in Fig. 88, the secure container 1 04 
etc. are transported from the content provider 301 to the 
service provider 310 by a session using a common key 
in the IP/IP-SEC layer, SSL (Secure Sockets Layer), 
XML (Extensible Markup Language)/SMIL (Synchro- 
nized Multimedia Integration Language) layer, and ap- 
plication layer. 

[1 1 59] Figure 89 is a view for explaining the transport 
protocol employed when transporting the key file etc. 
between the EMD service center 302 and the content 
provider 301 (symbol B) shown in Fig. 87. 
[1 1 60] As shown in Fig. 89, the key file etc. are trans- 
ported from the EMD service center 302 to the content 
provider 301 by a session using a common key in the 
IP/IP-SEC layer, SSL layer, and the application layer. 
[1161] Figure 90 is a view for explaining the transport 
protocol employed when transporting the price tag data 
312 etc. between the EMD service center 302 and the 
service provider 310 (symbol C) shown in the figure. 
[1 1 62] As shown in Fig. 90, the price tag data 31 2 etc. 
are transported from the EMD service center 302 to the 
service provider 310 by a session using a common key 
in the IP/IP-SEC layer, SSL layer, and the application 
layer. 

[1 1 63] Figure 91 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer 304 etc. between the service provider 31 0 and the 
user home network 303 (symbol D) and in the user home 
network 303 (symbol E) shown in Fig. 87. 
[1164] As shown in Fig. 91 , the secure container 304 
etc. are transported from the service provider 31 0 to the 
network apparatus 360! of the user home network 303. 
[1165] At this time : the MPEG-TS layer, PES layer, or 
DSM-CC_Data_Carousel layer and MHEG (Multimedia 
and Hypermedia Experts) layer or "http layer and XML/ 
SMIL layer* are used as the service provider use com- 
modity transport protocol for transferring the secure 
container 304 between the service provider 310 and the 
network apparatus 360 1 . 

[1 1 66] Also, between the network apparatus 360., and 
a storage apparatus 360 2 and between AV apparatuses, 
HAVi (XML) is used as the user home network commod- 
ity transport protocol for transferring the secure contain- 
er. 

[1167] At this time, where XML7SMIUBML is utilized 
in the data broadcast method of a digital broadcast, the 
content files CF1 and CF2 and the key files KF1 and 
KF2 and the demo sample of the secure container 304 
are stored in a BML/XML/SMIL layer on the HTTP layer 
and a monomedia data layer and transported as shown 
in Fig. 92. 

[1168] Also, where the MHEG is utilized in the data 
broadcast method of a digital broadcast, the content 
files CF1 and CF2 and the key files KF1 and KF2 and 
the demo sample of the secure container 304 are stored 
in the monomedia data layer on the MHEG layer and 
transported as shown in Fig. 93. 



[1 169] Also, where the XML/SMIL is utilized in the da- 
ta broadcast method of a digital broadcast, the content 
files CF1 and CF2 and the key files KF1 and KF2 and 
the demo sample of the secure container 304 are stored 
5 in the XML7SMIL layer on the HTTP layer and transport- 
ed as shown in Fig. 94. 

[1 1 70] Figure 95 is a view for explaining the transport 
protocol employed when the usage log data 308 and the 
usage control status data 166 etc. are transported be- 

10 tween the EMD service center 302 and the user home 
networks 303 and 303a (symbol G) shown in Fig. 87. 
[1 171] As shown in Fig. 95, where the usage log data 
308 etc. are transferred from the network apparatus 
360 1 to the EMD service center 302, a session using the 

is session key data is carried out in the IP/IP-SEC layer, 
SSL layer, and the application layer. 
[1172] Also, where the network apparatus 360 2 etc. 
transfer the usage log data 308, usage control status 
data 166, etc. to the EMD service center 302, after the 

20 usage log data 308 etc. are transferred from the storage 
apparatus 360 2 to the network apparatus 360 1 by a ses- 
sion in the IP/IP-SEC layer and the HAVi layer, they are 
transferred from the network apparatus 360 1 to the EMD 
service center 302 as mentioned before. 

25 [1 1 73] Figure 96 is a view for explaining the transport 
protocol employed when transporting the secure con- 
tainer from the storage apparatus 360 4 of the user home 
network 303 to the storage apparatus 360.,., of the user 
home network 303a shown in Fig. 87. 

30 [1174] As shown in Fig. 96, the secure container is 
transported from the storage apparatus 360 4 to the stor- 
age apparatus 360^ by a session using a common key 
in the IP/IP-SEC layer, SSL layer, XML/SMIL layer and 
the application layer. 

35 

First modification of second embodiment 

[1175] Figure 97 is a view of the configuration of an 
EMD system 300a using two service providers accord- 

40 ing to a first modification of the second embodiment. 
[1176] In Fig. 97, components given the same refer- 
ence numerals as those of Fig. 59 are the same as the 
components having the same reference numerals ex- 
plained in the first embodiment. 

45 [1 177] As shown in Fig. 97, in the EMD system 300a, 
the same secure containers 1 04 are supplied from the 
content provider 301 to service providers 310a and 
310b. 

[1 178] The service provider 310a offers a service pro- 
50 viding for example a drama program as the content. In 
the related service, a secure container 304a storing the 
content data C related to the drama program and price 
tag data 31 2a uniquely produced for the related content 
data C is produced and is distributed to the network ap- 
55 paratus 360 A . 

[1 1 79] Also, the service provider 3 1 0b provides for ex- 
ample a karaoke service. In the related service, a secure 
container 304b storing the content data C related to the 
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karaoke service and price tag data 312b uniquely pro- 
duced for the related content data C is produced and is 
distributed to the network apparatus 360.,. 
[1180] Here, the formats of the secure containers 
304a and 304b are the same as that of the secure con- 
tainer 304 explained by using Fig. 65. 
[1181] A network apparatus 360a 1 is provided with 
CA modules 311a and 311b corresponding to the serv- 
ice providers 31 0a and 31 0b. 

[1182] The CA modules 311a and 311b are receive 
the secure containers 304a and 304b in response to re- 
quests from them to the service providers 310a and 
310b. 

[1 1 83] Next, the CA modules 31 1 a and 311b produce 
SP use purchase log data 309a and 309b in accordance 
with the distributed secure containers 304a and 304b 
and transmit them to the service providers 310a and 
310b. 

[1184] Also, the CA modules 311a and 311b decrypt 
the secure containers 304a and 304b by the session key 
data K SES and then output the same to the SAMs 305! 
to 305 4 . 

[1185] Next, in the SAMs 305 1 to 305 4 , the key files 
KF in the secure containers 304a and 304b are decrypt- 
ed by using the common distribution use key data KD^ 
to KD 3 , the processing concerning the purchase and/or 
usage of the content in accordance with the operation 
from the user is carried out based on the common usage 
control policy data 106, and the usage log data 308 in 
accordance with that is produced. 
[1186] Then, the usage log data 308 is transmitted 
from the SAMs 305., to 305 4 to the EMD service center 
302. 

[1187] In the EMD service center 302, based on the 
usage log data 308, the charge content is determined 
(calculated) for each of the content provider 301 and the 
service providers 310a and 310b, and the settlement 
claim data 152c, 152sa, and 152sb corresponding to 
them are produced based on the results thereof. 
[1188] The EMD service center 302 transmits the set- 
tlement claim data 152c, 152sa, and 152sb to the set- 
tlement manager 91 via the payment gateway 90. By 
this, the money paid by the user of the user home net- 
work 303 to the settlement manager 91 is distributed to 
the owners of the content provider 301 and the service 
providers 310a and 310b. 

[1189] As mentioned above, according to the EMD 
system 300a, when the same content file CF is supplied 
to the service providers 31 0a and 31 0b, the usage con- 
trol policy data 106 for the related content file CF is en- 
crypted by the distribution use key data KD-, to KD 6 and 
supplied to the service providers 310a and 310b, and 
the service providers 310a and 310b distribute the se- 
cure containers 304a and 304b storing the encrypted 
usage control policy data 1 06 as it is to the user home 
network. For this reason, in the SAMs 305 1 to 305 4 in 
the user home network, no matter which of the service 
provider 31 0a or 31 Ob the content file CF is distributed 



from, the rights can be cleared based on the common 
usage control policy data 106. 

[1190] Note that in the first modification, the case 
where two service providers were used was exempli- 
5 tied, but in the present invention, any number of the 
service providers may be provided. 

Second modification of second embodiment 

10 [1191] Figure 98 is a view of the configuration of an 
EMD system 300b using a plurality of content providers 
according to a second modification of the second em- 
bodiment. 

[1192] In Fig. 98, components given the same refer- 
15 ence numerals as those of Fig. 59 are the same as the 
components having the same reference numerals ex- 
plained in the first embodiment. 

[1193] As shown in Fig. 98, in the EMD system 300b, 
the key files KFa and KFb are supplied from the EMD 
20 service center 302 to the content providers 301a and 
301b, and the secure containers 104a and 104b are 
supplied from content providers 301a and 301b to the 
service provider 310. 

[1 1 94] The service provider 31 0 provides a service by 
25 using the content supplied by for example the content 
providers 301a and 301b, produces the price tag data 
312a for the secure container 104a and the price tag 
data 312b for the secure container 1 04b, and produces 
a secure container 304c storing them. 
30 [1195] As shown in Fig. 98, in the secure container 
304c, the content data CFa, CFb, key files KFa and KFb, 
price tag data 312a and 312b, and the signature data 
by the secret key data K CPS of the service provider 31 0 
for each of them are stored. 
35 [1196] The secure container 304c is received at the 
CA module 311 of the network apparatus 360 1 of the 
user home network 303 and then processed at the 
SAMs 305! to 305 4 . 

[1197] In the SAMs 305! to 305 4 , the key file KFa is 
40 decrypted by using the distribution use key data KDa., 
to KDa 3 , the processing concerning the purchase and/ 
or usage is carried out in accordance with the operation 
from the user for the content file CFa based on the usage 
control policy data 1 06a, and the log thereof is described 
4 5 in the usage log data 308. 

[1 1 98] Also, in the SAMs 305! to 305 4 , the key file KFb 
is decrypted by using distribution use key data KD^ to 
KDb 3 , the processing concerning the purchase and/or 
usage is carried out in accordance with the operation 
50 from the userforthecontent file CFb based on the usage 
control policy data 1 06b, and the log thereof is described 
in the usage log data 308. 

[1199] Then, the usage log data 308 is transmitted 
from the SAMs 305! to 305 4 to the EMD service center 
55 302. 

[1200] In the EMD service center 302, based on the 
usage log data 308, the charge content is determined 
(calculated) for each of the content providers 301 a and 
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301 b and the service provider 31 0, and settlement claim 
data 1 52ca, 1 52cb, and 1 52s corresponding to them are 
produced based on the results thereof. 

[1201] The EMD service center 302 transmits the set- 
tlement claim data 152ca, 152cb : and 152s via the pay- 
ment gateway 90 to the settlement manager 91 . By this, 
the money paid by the user of the user home network 
303 to the settlement manager 91 is distributed to the 
owners of the content providers 301 a and 301 b and the 
service provider 31 0. 

[1202] As mentioned above, according to the EMD 
system 300b, as the usage control policy data 1 06a and 
1 06b of the content files CFa and CFb stored in the se- 
cure container 304, those produced by the content pro- 
viders 301a and 301b are used as they are, therefore, 
in the SAMs 305 n to 305 4 , the rights for the content files 
CFa and CFb are reliably cleared based on the usage 
control policy data 106a and 106b according to the in- 
tention of the content providers 301a and 301b. 
[1203] Note that, in the second modification shown in 
Fig. 98, the case where two content providers were used 
was exemplified, but any number of the content provid- 
ers may be used. 

[1204] Further, there may be a plurality of both of the 
content providers and service providers. 

Third modification of second embodiment 

[1205] Figure 99 is a view of the configuration of the 
EMD system according to a third modification of the sec- 
ond embodiment. 

[1 206] In the second embodiment, the case where the 
EMD service center 302 performed the settlement for 
the content provider 301 and the service provider 310 
at the settlement manager 91 was exemplified, but in 
the present invention, for example, as shown in Fig. 99, 
it is also possible for the settlement claim data 152c for 
the content provider 301 and the settlement claim data 
152s for the service provider 310 to be produced based 
on the usage log data 308 in the EMD service center 

302 and for them to be transmitted to the content pro- 
vider 301 and the service provider 31 0. 

[1207] In this case, the content provider 301 performs 
settlement at a settlement manager 91a via a payment 
gateway 90a by using the settlement claim data 152c. 
Further, the service provider 31 0 performs settlement at 
a settlement manager 91 b via a payment gateway 90b 
by using the settlement claim data 152s. 

Fourth modification of second embodiment 

[1208] Figure 100 is a view of the configuration of the 
EMD system according to a fourth modification of the 
second embodiment. 

[1 209] I n the second embodiment, the case where the 
service provider 31 0 did not have a charging function as 
in for example the current Internet was exemplified, but 
where the service provider 310 has a charging function 



as in the current digital broadcast, in the CA module 31 1 , 
a usage log data 308s with respect to the service of the 
service provider 310 concerning the secure container 
304 is produced and transmitted to the service provider 
5 310. 

[1210] Then, the service provider 310 performs 
charge processing based on the usage log data 308s to 
produce the settlement claim data 152s and performs 
settlement at the settlement manager 91b via the pay- 
10 ment gateway 90b by using this. 

[1 21 1 ] On the other hand, the SAMs 305 1 to 305 4 pro- 
duce usage log data 308c with respect to the rights 
clearing of the content provider 301 concerning the se- 
cure container 304 and transmit them to the EMD serv- 
es ice center 302. 

[1212] The EMD service center 302 produces the set- 
tlement claim data 152c based on the usage log data 
308c and transmits this to the content provider 301 . 
[1213] The content provider 301 performs settlement 
20 at the settlement manager 9 1 a via the payment gateway 
90a by using the settlement claim data 152c. 

Fifth modification of second embodiment 

25 [1214] In the embodiment, as shown in Fig. 72, the 
case where the user preference filter data 903 was pro- 
duced based on the usage log data 308 received from 
the SAM 305 t etc. in the user preference filter genera- 
tion unit 901 of the EMD service center 302 was exem- 

30 plified, but it is also possible to produce for example the 
user preference filter data 903 in the user preference 
filter generation unit 901 based on the usage control sta- 
tus data 166 produced in the user monitor unit 186 of 
the SAM 305 1 shown in Fig. 78 and transmitted to the 

35 EMD service center 302 in real-time. 

Sixth modification of second embodiment 

[1 21 5] The content provider 301 , the service provider 

40 310, and the SAMs 305! to 305 4 can register their secret 
key data K CPS , K SPS , and K SAM1 s to K SAM4S in the 
EMD service center 302 too other than their public key 
data Kcp p, K SPP , and K SAM1 P to K SAM4 P . 
[1216] By doing this, it becomes possible for the EMD 

45 service center 302 to tap into desired communication 
among the communication between the content provid- 
er 301 and the service provider 31 0, the communication 
between the service provider 310 and the SAMs 305! 
to 305 4 , and the communication among the SAMs 305 t 

50 to 305 4 in the user home network 303 by using the secret 
key data Kcps, K SPS , and K SAM1 s to K SAM4S in re- 
sponse to demands from the government or police or- 
ganizations at the time of emergencies. 
[1217] Further, for the SAMs 305! to 305 4 , it is also 

55 possible even if the secret key data K SAM1 s to K SAM4 s 
are produced by the EMD service center 302 at the time 
of shipment, and they are stored in the SAMS 305! to 
305 4 and, at the same time, held (registered) by the 
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EMD service center 302. 

Seventh modification of second embodiment 

[1218] In the embodiment, the case where, when the 
content provider 301, service provider 310, and the 
SAMs 305 1 to 305 4 communicated with each other, the 
certificate data CER CP , CER SP , and CER SAM1 to 
cer sam4 were acquired from the EMD service center 
302 in advance and were transmitted to the destination 
of communication by the in-band method was exempli- 
fied, but in the present invention, various formats can 
be employed as the transmission format of the certifi- 
cate data to the destination of communication. 
[1219] For example, when the content provider 301, 
service provider 310, and the SAMs 305 1 to 305 4 com- 
municate with each other, it is also possible if the certif- 
icate data CER CP , CER SP , and CER SAM1 to CER SAM4 
are acquired from the EMD service center 302 in ad- 
vance and are transmitted to the destination of commu- 
nication by the in-band method preceding the related 
communication. 

[1220] Further, it is also possible for the content pro- 
vider 301 , service provider 310, and the SAMs 305 1 to 
305 4 to acquire the certificate data CER CP , CER SP , and 
cer sami to cer sam4 from tne EMD service center302 
at the time of communication. 

[1221] Figure 101 is a view for explaining the format 
of the route for acquiring (obtaining) the certificate data. 
[1222] Note that, in Fig. 101, components given the 
same reference numerals as those of Fig. 59 are the 
same as the components having the same reference nu- 
merals explained above. Further, the user home net- 
work 303a is the same as the user home network 303 
mentioned before. In a user home network 303b, SAMs 
305^ to 305 14 are connected via the IEEE1394 serial 
bus serving as the bus 1 91 . 

[1223] Where the content provider 301 acquires the 
certificate data CER SP of the service provider 31 0, there 
are for examp le a case where the certificate data CER SP 
is transmitted from the service provider 310 to the con- 
tent provider 301 preceding the communication ((3) in 
Fig. 101) and a case where the content provider 301 
orders the certificate data CER SP from the EMD service 
center 302 ((1) in Fig. 101). 

[1224] Also, where the service provider 310 acquires 
the certificate data CER CP of the content provider 301 , 
there are for example a case where the certificate data 
CER CP is transmitted from the content provider 301 to 
the service provider 310 preceding the communication 
((2) in Fig. 101) and a case where the service provider 
310 orders the certificate data CER CP from the EMD 
service center 302 ((4) in Fig. 101). 
[1 225] Also, where the service provider 31 0 acquires 
the certificate data CER SAM1 to CER SAM4 of the SAMs 
305 1 to 305 4 , there are for example a case where the 
certificate data CER SAM1 to CER SAM4 are transmitted 
from the SAMs 305 1 to 305 4 to the service provider 3 1 0 



preceding the communication ((6) in Fig. 101) and a 
case where the service provider 310 orders the certifi- 
cate data CER SAM1 to CER SAM4 from the EMD service 
center 302 ((4) in Fig. 101). 

5 [1 226] Also, where the SAMs 305., to 305 4 acquire the 
certificate data CER SP of the service provider 31 0, there 
are for example a case where the certificate data CER SP 
is transmitted from the service provider 31 0 to the SAMs 
305 1 to 305 4 preceding the communication ((5) in Fig. 

10 101) and a case where the SAMs 305 1 to 305 4 order the 
certificate data CER SP from the EMD service center 302 
((7) in Fig. 101, etc.). 

[1227] Also, where the SAM 305! acquires the certif- 
icate data CER SAM2 of the SAM 305 2 , there are for ex- 
's ample a case where the certificate data CER SAM2 is 
transmitted from the SAM 305 2 to the SAM 305! pre- 
ceding the communication ((8) in Fig. 101) and a case 
where the SAM 305! orders the certificate data 
CER SAM2 from tne EMD service center 302 ((7) in Fig. 

20 101, etc.). 

[1228] Also, where the SAM 305 2 acquires the certif- 
icate data CER SAM1 of the SAM 305! , there are for ex- 
ample a case where the certificate data CER SAM1 is 
transmitted from the SAM 305! to tne SAM 3 °5 2 pre- 

25 ceding the communication ((9) in Fig. 101), a case 
where the SAM 305 2 orders the certificate data 
CER SAM1 from the EMD service center302 by itself, and 
a case where the SAM 305 2 orders the certificate data 
cer sami via tne network apparatus with the SAM 305! 

30 mounted thereon ((7) and (8) in Fig. 101). 

[1 229] Also, where the SAM 305 4 acquires certificate 
data CER SAM13 of the SAM 305 13 , there are for example 
a case where the certificate data CER SAM13 is transmit- 
ted from the SAM 305 13 to the SAM 305 4 preceding the 

35 communication ((12) in Fig. 101), a case where the SAM 
305 4 orders the certificate data CER SAM13 f rom the EMD 
service center 302 by itself ((1 0) in Fig. 1 01 ), and a case 
where the SAM 305 4 orders the certificate data 
cer sami3 via tne network apparatus in the user home 

40 network 303b. 

[1230] Also, where the SAM 305 13 acquires the cer- 
tificate data CER SAM4 of the SAM 305 4 , there are for 
example a case where the certificate data CER SAM4 is 
transmitted from the SAM 305 4 to the SAM 305 13 pre- 

45 ceding the communication ((11) in Fig. 101), a case 
where the SAM 305 13 orders the certificate data 
CER SAM4 from tn © EMD service center 302 by itself 
((13) in Fig. 101), and a case where the SAM 305 13 or- 
ders the certificate data CER SAM4 via the network ap- 

50 paratus in the user home network 303b. 

Handling of certificate revocation list (data) in second 
embodiment 

55 [1 231 ] In the second embodiment, in order to prevent 
the content provider 301 , service provider 31 0, and the 
SAMs 305! to 305 4 used for illegitimate action etc. from 
communicating with the other apparatuses in the EMD 
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service center 302, a certificate revocation list for inval- 
idating the certificate data of the apparatus used for the 
related illegitimate action is produced. Then, the related 
certificate revocation list CRL is transmitted to the con- 
tent provider 301 , service provider 310, and the SAMs 
305 1 to 305 4 . 

[1232] Note that, it is also possible if the certificate 
revocation list CRL is produced in for example the con- 
tent provider 301 , service provider 310, and the SAMs 
305 1 to 305 4 other than the EMD service center 302. 
[1233] First, an explanation will be made of the case 
where the EMD service center 302 invalidates the cer- 
tificate data CER CP of the content provider 301 . 
[1234] As shown in Fig. 102, the EMD service center 
302 transmits a certificate revocation list CRL 1 indicat- 
ing the invalidation of the certificate data CER CP to the 
service provider 31 0((1) in Fig. 102). When verifying the 
signature data input from the content provider 301 , the 
service provider 310 decides the validity of the certifi- 
cate data CER CP by referring to the certificate revoca- 
tion list CRL-!, performs signature verification using the 
public key data Kcpp where it decides that it is valid, 
while invalidates the data from the content provider 301 
without the related signature verification where it de- 
cides that it is invalid. Note that, it is also possible not 
to invalidate the data, but reject the communication. 
[1 235] Also, the EMD service center 302 transmits the 
certificate revocation list CRL 1 to for example the SAM 
305 1 in the user home network 303 by utilizing circula- 
tion resources of the service provider 31 0 by either the 
broadcast type or on-demand type ((1) and (2) in Fig. 
102). When verifying the signature data of the content 
provider 301 stored in the secure container input from 
the service provider 31 0, the SAM 305 1 decides the va- 
lidity of the certificate data CER CP by referring to the 
certificate revocation list CRL 1f performs signature ver- 
ification using the public key data Kq P P where it decides 
it as valid, while invalidates the related secure container 
without the related signature verification where it de- 
cides it as invalid. 

[1236] Note that, it is also possible for the EMD serv- 
ice center 302 to directly transmit the certificate revoca- 
tion list CRL 1 to the SAM 305-, via the network apparatus 
in the user home network 303 ((3) in Fig. 102). 
[1237] Next, an explanation will be made of the case 
where the EMD service center 302 invalidates the cer- 
tificate data CER SP of the service provider 310. 
[1238] As shown in Fig. 103, the EMD service center 
302 transmits a certificate revocation list CRL 2 indicat- 
ing the invalidation of the certificate data CER SP to the 
content provider 301 ((1) in Fig. 103). When verifying 
the signature data input from the service provider 310, 
the content provider 301 decides the validity of the cer- 
tificate data CER SP by referring to the certificate revo- 
cation list CRL 2 , performs signature verification using 
the public key data K SPP where it decides it as valid, 
while invalidates the data from the service provider 310 
without the related signature verification where it de- 



cides it as invalid. 

[1239] Also, the EMD service center 302 transmits the 
certificate revocation list CRL 2 to for example the SAM 
305 1 in the user home network 303 by utilizing the cir- 

5 culation resources of the service provider 31 0 by either 
the broadcast type or on-demand type ((2) in Fig. 103). 
When verifying the signature data of the content provid- 
er 301 stored in the secure container input from the serv- 
ice provider 310, the SAM 305-, decides the validity of 

io the certificate data CER SP by referring to the certificate 
revocation list CRL 2 , performs signature verification us- 
ing the public key data K SPP where it decides it as valid, 
and while invalidates the related secure container with- 
out the related signature verification where it decides it 

*5 as invalid. 

[1240] In this case, in the service provider 310, the 
module for transmitting and receiving the certificate rev- 
ocation list CRL 2 must have tamper resistance. Further, 
in the service provider 31 0, the certificate revocation list 

20 CRL 2 must be stored in a region where tampering by an 
interested party of the service provider 31 0 is difficult. 
[1 241 ] Note that, it is also possible for the EM D serv- 
ice center 302 to directly transmit the certificate revoca- 
tion list CRL 2 to the SAM 305 1 via the network apparatus 

25 jn the user home network 303 ((3) in Fig. 1 03). 

[1242] Next, an explanation will be made of a case 
where the EMD service center 302 invalidates for ex- 
ample the certificate data CER^^ of the SAM 305 2 . 
[1243] As shown in Fig. 104, the EMD service center 

30 302 transmits a certificate revocation list CRL 3 indicat- 
ing the invalidation of the certificate data CER SAM2 to 
the content provider 301 ((1) in Fig. 104). The content 
provider 301 transmits the certificate revocation list 
CRL 3 to the service provider 31 0. The service provider 

35 310 transmits the certificate revocation list CRL 3 to for 
example the SAM 305 1 in the user home network.303 
by utilizing its own circulation resources by either the 
broadcast type or on-demand type ((1) in Fig. 104). 
When verifying the signature data of the SAM 305 2 add- 

40 ed to the data input from the SAM 305 2 , the SAM 305 1 
decides the validity of the certificate data CER SAM2 by 
referring to the certificate revocation list CRL 3 , performs 
signature verification using the public key data K SAM2 P 
where it decides it as valid, while invalidates the related 

45 data without the related signature verification where it 
decides it as invalid. 

[1244] In this case, in the service provider 310, the 
module for transmitting and receiving the certificate rev- 
ocation list CRL 3 must have tamper resistance. Further, 

so in the service provider 31 0, the certificate revocation list 
CRL 3 must be stored in a region where tampering by an 
interested party of the service provider 31 0 is difficult. 
[1245] It is also possible for the EMD service center 
302 to transmit the certificate revocation list CRL 3 to the 

55 SAM 305 1 via the service provider 310 ((1) and (2) in 
Fig. 104). 

[1246] Further, it is also possible for the EMD service 
center 302 to directiy transmit the certificate revocation 
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list CRL 3 to the SAM 305 1 via the network apparatus in 
the user home network 303 ((3) in Fig. 104). 
[1247] Also, the EMD service center 302 produces 
and stores the certificate revocation list CRL 3 indicating 
the invalidation of for example the certificate data 5 
CER SAM2 of tn e SAM 305 2 . 

[1248] Also, the user home network 303 produces a 
SAM registration list SRL of the SAMs connected to the 
bus 191 and transmits this to the EMD service center 
302 ((1) in Fig. 105). 10 
[1249] The EMD service center 302 specifies the 
SAMs (for example SAM 305 2 ) for which invalidation is 
instructed by the certificate revocation list CRL 3 among 
the SAMs 305-, to 305 4 indicated in the SAM registration 
list, sets revocation flags corresponding to the related is 
SAMs in the SAM registration list SRL so as to indicate 
the invalidity, and produces a new SAM registration list 
SRL. 

[1250] Next, the EMD service center 302 transmits 
the related produced SAM registration list SRL to the 20 
SAM 305., ((1) in Fig. 105). 

[1 251 ] The SAM 305 1 determines the existence of the 
verification of the signature data and whether or not 
communication is permitted by referring to the revoca- 
tion flags of the SAM registration list SRL when commu- 25 
nicating with another SAM. 

[1252] Also, the EMD service center 302 produces the 
certificate revocation list CRL 3 and transmits this to the 
content provider 301 ((2) in Fig. 105). 
[1253] The content provider 301 transmits the certifi- 30 
cate revocation list CRL 3 to the service provider 31 0 ((2) 
in Fig. 105). 

[1254] Next, the service provider 310 transmits the 
certificate revocation list CRL 3 to the SAM 305 1 by either 
the broadcast type or on-demand type by utilizing its 35 
own circulation resources ((2) in Fig. 105). 
[1255] The SAM 305 1 specifies the SAMs (for exam- 
ple SAM 305 2 ) for which invalidation is instructed by the 
certificate revocation list CRL 3 among the SAMs 305! 
to 305 4 indicated in the SAM registration list produced 40 
by itself and sets revocation flags corresponding to the 
related SAMs in the SAM registration list SAL so as to 
indicate the invalidity. 

[1256] From then on, the SAM 305., determines the 
existence of verification of the signature data and wheth- 45 
er or not communication is permitted by referring to the 
revocation flag of the related SAM registration list SRL 
when communicating with another SAM. 
[1 257] Also, the EMD service center 302 produces the 
certificate revocation list CRL 3 and transmits this to the so 
service provider 310 ((3) in Fig. 105). 
[1258] Next, the service provider 310 transmits the 
certificate revocation list CRL 3 to the SAM 305! by either 
the broadcast type or on-demand type by utilizing its 
own circulation resources ((3) in Fig. 105). 55 
[1259] The SAM 305! specifies the SAMs (for exam- 
ple SAM 305 2 ) for which invalidation is instructed by the 
certificate revocation list CRL 3 among the SAMs 305! 



to 305 4 indicated in the SAM registration list produced 
by itself and sets revocation flags corresponding to the 
related SAMs in the SAM registration list SAL so as to 
indicate the invalidity. 

[1260] From then on, the SAM 305! determines the 
existence of verification of the signature data and wheth- 
er or not communication is permitted by referring to the 
revocation flag of the related SAM registration fist SRL 
when communicating with another SAM. 

Role etc. of EMD service center 302 

[1261] Figure 106 is a view of the configuration of the 
EMD system where the functions of the EMD service 
center (clearinghouse) 302 shown in Fig. 59 are divided 
between a right management use clearinghouse 950 
and an electronic settlement use clearinghouse 951 . 
[1262] In the related EMD system, in the electronic 
settlement use clearinghouse 951 , settlement process- 
ing (profit distribution processing) is carried out based 
on the usage log data 308 from the SAM of the user 
home networks 303a and 303b, settlement claim data 
of the content provider 301 and the service provider 31 0 
are produced, and settlement is carried out at the set- 
tlement manager 91 via the payment gateway 90. 
[1 263] Also, the right management use clearinghouse 
950 produces the settlement reports of the content pro- 
vider 301 and the service provider 310 in accordance 
with the settlement notification from the electronic set- 
tlement use clearinghouse 951 and transmits them to 
the content provider 301 and the service provider 31 0. 
[1264] Also, it performs the registration (authentica- 
tion) etc. of the usage control policy data 106 and the 
content key data Kc of the content provider 301 . 
[1 265] Note that, as shown in Fig. 1 07, when the right 
management use clearinghouse 950 and the electronic 
settlement use clearinghouse 951 are accommodated 
in a single apparatus, the EMD service center 302 
shown in Fig. 59 is formed. 

[1266] Also, in the present invention, for example, it 
is also possible to provide the function of a right man- 
agement use clearinghouse 960 in the EMD service 
center 302, perform the registration etc. of the usage 
control policy data 106 in the right management use 
clearinghouse 960 and, at the same time, produce the 
settlement claim data of the service provider 31 0 based 
on the usage log data 308 from the SAMs and transmit 
this to the service provider 31 0 as shown in Fig. 1 08. In 
this case, the service provider 310 utilizes its own 
charge system as an electronic settlement 0 use clear- 
inghouse 961 and performs settlement based on the 
settlement claim data from the right management use 
clearinghouse 960. 

[1267] Also, in the present invention, for example, it 
is also possible to provide the function of a right man- 
agement use clearinghouse 970 in the EMD service 
center 302, perform the registration etc. of the usage 
control policy data 106 in the right management use 
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clearinghouse 970 and, at the same time, produce the 
settlement claim data of the content provider 301 based 
on the usage log data 308 from the SAMs and transmit 
this to the content provider 301 as shown in Fig. 1 09. In 
this case, the content provider 301 utilizes its own 5 
charge system as an electronic settlement use clearing- 
house 971 and performs settlement based on the set- 
tlement claim data from the right management use 
clearinghouse 970. 

[1268] Also, in the present invention, for example, it 
is also possible to provide the function of the right man- 
agement use clearinghouse 970 and the electronic set- 
tlement use clearinghouse 971 mentioned above in the 
content provider 301 as shown in Fig. 110. 
[1269] In this case, the content provider 301 utilizes 
its own charge system as the electronic settlement use 
clearinghouse 961 and performs settlement by itself at 
the settlement manager 91 based on the settlement 
claim data produced in the right management use clear- 
inghouse 970. 

Eighth modification of the second embodiment 

[1 270] In the second embodiment, the case where the 
secure container 1 04 of the format shown in Fig. 5 was 
provided from the content provider 301 to the service 
provider 31 0, and the secure container 304 of the format 
shown in Fig. 65 was distributed from the service pro- 
vided 0 to the user home network 303 in the EMD sys- 
tem 300 shown in Fig. 59 was exemplified. 
[1271] Namely, in the second embodiment, the case 
where a single content file CF and a single key file KF 
corresponding to the related content file CF were stored 
in the secure container 104 and the secure container 
304 as shown in Fig. 5 and Fig. 65 was exemplified. 
[1272] In the present invention, it is also possible to 
store a plurality of content files CF and a plurality of key 
files KF corresponding to the related plurality of content 
files CF in the secure container 1 04 and the secure con- 
tainer 304. 

[1273] Figure 111 is a view for explaining the format 
of the secure container 1 04a provided from the content 
provider 301 to the service provider 310 shown in Fig. 
59 in the present modification. 

[1274] As shown in Fig. 111 , in the secure container 
104a, content files CF 1( CF 2 , and CF 3 , key files KF 1} 
KF 2 , and KF 3 , certificate data CER CP , and signature da- 
ta SIGgoo.CP' SIG201 CP* S'Cj202,CP> S'(3203,CP' 

SIG204CP' SIG205CP' anc l SIG-, £sc are stored. 
[1275] Here : the signature data SIG^q CP , s '^201,cp» 

SIG 202 cp ) SIG203.CP' ®'^204,CP» and S' G 205,CP 8re P f °" 

duced in the content provider 301 by taking the hash 
values of the content files CF V CF 2 , and CF 3 and the 
key files KF.,, KF 2 , and KF 3 , and using the secret key 
data Kqps of the content provider 301 . 
[1276] In the content file CF.,, a header, meta data 
Meta^ content data C^ an A/V expansion use software 
Soft.,, and a watermark module WM., are stored. 



[1277] Here, the content data C 1 and the AA/ expan- 
sion use software Soft 1 have been encrypted by using 
the content key data Kc, , and the meta data Meta! and 
the watermark module WM 1 have been encrypted by us- 
ing the content key data Ko, according to need. 
[1278] Also, the content data C, has been com- 
pressed by for example the ATRAC3 method. The AA/ 
expansion use software Soft-, is the software for the ex- 
pansion of the ATRAC3 method. 
[1279] Also, in the header of the content file CF.,, for 
example, as shown in Fig. 112, directory structure data 
DSD., indicating the linkage to the key file KF-, and the 
content file CF 2 is contained. 

[1280] In the content file CF 2 , the header, meta data 
Meta 2 , content data C 2 , an A/V expansion use software 
Soft 2 , and a watermark module WM 2 are stored. 
[1 281 ] Here, the content data C 2 and the A/V expan- 
sion use software Soft 2 have been encrypted by using 
the content key data KC2, and the meta data Meta 2 and 
the watermark module WM 2 have been encrypted by us- 
ing the content key data KC2 according to need. 
[1282] Also, the content data C 2 has been com- 
pressed by for example the MPEG2 method. The A/V 
expansion use software Softg is the software for the ex- 
pansion of the MPEG2 method. 

[1283] Also, in the header of the content file CF 2 , for 
example, as shown in Fig. 112, directory structure data 
DSD 2 indicating the linkage to the key file KF 2 and the 
content file CF 3 is contained. 

[1284] In the content file CF 3 , the header, meta data 
Meta 3 , content data C 3 , an A/V expansion use software 
Soft 3 , and a watermark module WM 3 are stored. 
[1 285] Here, the content data C 3 and the A/V expan- 
sion use software Soft 3 have been encrypted by using 
the content key data KC3, and the meta data Meta 3 and 
the watermark module WM 3 have been encrypted by us- 
ing the content key data Kc>3 according to need. 
[1286] Also, the content data C 3 has been com- 
pressed by for example the JPEG method. The A/V ex- 
pansion use software Soft 3 is the software for the ex- 
pansion of the JPE G method. 

[1287] Also, in the header of the content file CF 2 , for 
example, as shown in Fig. 112, directory structure data 
DSD 3 indicating the linkage to the key file KF 3 is con- 
tained. 

[1 288] In the key file KF., , the header, content key data 
Kc., encrypted by using the distribution use key data KD., 
to KD 3 , usage control policy data 106 1 , the SAM pro- 
gram download container SDC-,, and signature data 
SIG^q esc are stored. 

[1 289] In the key file KF 2 , the header, content key data 
Kc 2 encrypted by using the distribution use key data KD 1 
to KD 3 , usage control policy data 106 2 , the SAM pro- 
gram download container SDC 2 , and signature data 
SIG 221 ESC are stored. 

[1 290] In the key file KF 3 , the header, content key data 
Kc 3 encrypted by using the distribution use key data KD t 
to KD 3 , usage control policy data 1 06 3 , the SAM pro- 
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gram download container SDC 3 , and signature data 
SIG 2 22,esc are stored. 

[1291] When receiving the secure container 104a 
shown in Fig. 112, the service provider310 confirms the 
legitimacy of the signature data SIG 200 CP , SIG 201 cp , 

S,G 202,CP' S ^ G 203,CP' SIG 204,CP' and SIG 205,CP> that is > 

the legitimacy of the producers and transmitters of the 
content files CF 1( CF 2 , and CF 3 , and the legitimacy of 
the transmitters of the key files KF 1; KF 2 , and KF 3 by 
using the public key data K cpp stored in the certificate 
data CER CP after confirming the legitimacy of the relat- 
ed certificate data CER CP by using the public key data 
K ESC P of the EMD service center 302. 
[1292] Also, the content provider 301 confirms the le- 
gitimacy of the signature data SIG 220 ESC , SIG 221 ESC , 
and SIG 22 2,ESC and tne legitimacy of the producers of 
the key files KF 1( KF 2 , and KF 3 by using the public key 
data K ESC p . 

[1 293] Then , the service provider 31 0 produces price 
tag data 31 2-, , 31 2 2 , and 31 2 3 indicating the sales prices 
of the content files CF-, , CF 2 , and CF 3 . 
[1294] Also, the service provider 310 produces the 
signature data SIG 220SP , SIG 221 sp , and SIG 222SP of 
the price tag data 312-, , 312 2 , and 312 3 by using the 
secret key data K SPS . 

[1295] Also, the service provider 310 produces the 
signature data S!G 210SP , SIG 211 SP , SIG 212SP , 
SIG 213,SP' SIG 214 sp , anc ' SIG 215,sp °f tne content files 
CF^ CF 2 , and CF 3 and KF 1( KF 2 ,'and KF 3 by using the 
secret key data K SPS . 

[1296] Next, the service provider 310 produces the 
secure container 304a shown in Fig. 114. 
[1 297] The service provider 31 0 distributes the secure 
container 304a shown in Fig. 114 to the user home net- 
work 303. 

[1298] In the user home network 303, in the SAMs 
305 1 to 305 4 , after confirming the legitimacy of all sig- 
nature data stored in the secure container 304a, the 
rights for the content data C, , C 2 and C 3 are cleared in 
accordance with the link state shown in the directory 
structure data DSD 1 to DSD 3 based on the key files KF 1 , 
KF 2 , and KF 3 . 

[1299] Also, in the eighth modification mentioned 
above, in the secure container 304 f the case where the 
plurality of content files CF 101 , CF 102 , and CF 103 provid- 
ed from the single service provider 310 were stored in 
the single secure container 304a and distributed to the 
user home network 303 was exemplified, but as shown 
in Fig. 98, it is also possible to store a plurality of content 
files CF provided from a plurality of content providers 
301 a and 301 b in a single secure container and distrib- 
ute the same to the user home network 303. 
[1300] Also, in the secure containers 104 and 304, for 
example, as shown in Fig. 113, it is also possible if a 
content file CF 1 storing music (voice) data compressed 
by the ATRAC3, a content file CF 2 storing video clip data 
compressed by the MPEG2, a content file CF 3 storing 
the jacket (still image) data compressed by the JPEG, 



a content file CF 4 storing the lyrics data in a text format, 
and a content file CF 5 storing the liner note data in a text 
format and key files KF 1 , KF 2; KF 3 , KF 4 and KF 5 corre- 
sponding to them are stored. 
5 [1301] Also in this case, similarly, by the directory 
structure data of the content files CF 1 to CF 5 , the linkage 
among the content files CF., to CF 5 and the linkage be- 
tween the content files CF 1 to CF 5 and the key files KF 1 
to KF 5 are established. 
10 [1 302] Note that, the concept of the data format in the 
case where a plurality of content data are stored in the 
secure container in the present embodiment (case of 
composite type) is shown in for example Fig. 1 1 5 or Fig. 
116. 

[1303] Note that, the format shown in Fig. 111 can be 
similarly applied to also the case where the secure con- 
tainer 104 is transmitted from the content provider 101 
to the user home network 1 03 shown in Fig. 1 . 

Ninth modification of second embodiment 

[1 304] In the above embodiment the case where the 
content files CF and the key files KF were stored in the 
secure containers 104 and 304 with the directory struc- 
tures and transmitted from the content provider 301 to 
the service provider 310 and from the service provider 
31 0 to the SAMs 305 1 to 305 4 was exemplified, but it is 
also possible to separately transmit the content files CF 
and key files KF from the content provider 301 to the 
service provider 31 0 and from the service provider 31 0 
to the SAMs 305., to 305 4 . 

[1305] This includes for example the following first 
technique and second technique. 
[1 306] In the first technique, as shown in Fig. 1 1 7, the 
content files CF and the key files KF are separately 
transmitted from the content provider 301 to the service 
provider 310 and from the service provider 310 to the 
SAMs 305-, to 305 4 . 

[1 307] Also, in the second techniq ue, as shown in Fig. 
118, the content files CF are transmitted from the con- 
tent provider 301 to the service provider 310 and from 
the service provider 310 to the SAMs 305! to 305 4; and 
the key files KF are transmitted from the EMD service 
center 302 to the SAMs 305! to 305 4 . The related key 
files KF are transmitted from the EMD service center 
302 to the SAMs 305! to 305 4 when for example the 
users of the SAMs 305! to 305 4 are going to determine 
the purchase form of the content data C. 
[1308] Where the first technique and the second tech- 
nique are employed, for example, a link is established 
between related content files CF and between the con- 
tent files CF and the key files KF corresponding to them 
by using the hyper link data HL stored in the headers of 
at least one of the content files CF and the key files KF. 
In the SAMs 1 05! t0 1 °5 4 , the rights are cleared and the 
content data C is used based on the related link. 
[1309] Also, in the above second embodiment, the 
case where the content data C and the key data such 
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as the content key data Kc and the usage control policy 
data 1 06 were transmitted from the content provider301 
to the service provider 31 0 and from the service provider 
31 0 to the SAMs 305., to 305 4 in the file format was ex- 
emplified, but it is not always necessary to comprise 
them in the file format so far as the link among them can 
be established. 

[1310] For example, as shown in Fig. 119, it is also 
possible to separately transmit the content data C, meta 
data Meta, A/V expansion use software Soft, watermark 
module WM, key file KF, price tag data 312, and the cer- 
tificate data CERqp and CER SP from the content pro- 
vider 301 and the EM D service center 302 to the SAMs 
305 1 to 305 4 . 

[1311] In this case, as shown in Fig. 119, the content 
data C 3 meta data Meta, A/V expansion use software 
Soft, watermark module WM, key file KF, price tag data 
312, and certificate data CERq P and CEFJ SP are linked 
by the hyper link data HL. 

[1312] Here, the hyper link data HL is encrypted by 
for example the distribution use key data KD-, to KD 6 
and transmitted. 

[1313] Note that, in the present modification, as the 
formats of the content files CF and the key files KF, for 
example those shown in Figs. 5A and 5B are employed. 
Also, in this case, preferably the signature data SIG 5 CP 
and SIG 7 CP of them are transmitted together with the 
content files CF and the key files KF. 

1 0th modification of second embodiment 

[1 31 4] In the above embodiment, the case where the 
content files CF and the key files KF were separately 
provided in the secure container 104 was exemplified, 
but for example, as shown in Fig. 1 20, it is also possible 
to store the key files KF in the content files CF in the 
secure containers 104 and 304, 

[1315] In this case, with respect to the content files 
CF storing the key files KF, the signature data by the 
secret key data K CPS of the content provider 301 and 
the signature by the secret key data K SP s of the service 
provider 310 are attached. 

11th modification of second embodiment 

[1316] In the above embodiment, the case where the 
content data C was stored in the content files CF, the 
content key data Kc and the usage control policy data 
1 06 were stored in the key files KF, and they were trans- 
mitted from the content provider 301 to the service pro- 
vider 31 0 and from the service provider 31 0 to the SAM 
305 1 etc. was exemplified, but it is also possible to trans- 
mit at least one among the content data C, content key 
data Kc, and usage control policy data 1 06 from the con- 
tent provider 301 to the service provider 310 and from 
the service provider 310 to the SAMs 305 1 etc. in a for- 
mat not depending upon the communication protocol 
without employing the file format. 



[1 317] For example, as shown in Fig. 1 21 , in the con- 
tent provider 301 , the secure container 1 04s storing the 
content data C encrypted by the content key data Kc 
and the key file KF containing the encrypted content key 

5 data Kc and the encrypted usage control policy data 1 06 
etc. is produced, and the secure container 1 04s is trans- 
mitted to the service provider 310 in a format not de- 
pending upon the communication protocol. Then, in the 
service provider 310, it is also possible if the price tag 

10 data 312 is added to the content data C and the key file 
KF stored in the secure container 104s to produce the 
secure container 304s, and the secure container 304s 
is transmitted to the SAM 305-, etc. in a format not de- 
pending upon the communication protocol. 

*s [1 318] Also, as shown in Fig. 1 22, the content data C 
encrypted by the content key data Kc and the key file 
KF containing the encrypted content key data Kc and 
the encrypted usage control policy data 106 etc. are 
separately transmitted from the content provider 301 to 

20 the service provider31 0 in a format not depending upon 
the communication protocol. Then, from the service pro- 
vider 31 0 to the SAM 305 1 etc., the content data C, key 
file KF, and the price tag data 312 are separately trans- 
mitted in a format not depending upon the communica- 

25 tion protocol. Namely, the content data C is not com- 
prised in the file format and is transmitted by the identical 
route to that for the key file KF. 

[1 319] Also, as shown in Fig. 1 23, the content data C 
encrypted by the content key data Kc is transmitted from 

30 the content provider 301 to the service provider 31 0 in 
a format not depending upon the communication proto- 
col, while the content data C and the price tag data 312 
are transmitted from the service provider 31 0 to the SAM 
305! etc. in a format not depending upon the communi- 

35 cation protocol. Also, it is also possible if the key file KF 
containing the encrypted content key data Kc and. the 
encrypted usage control policy data 1 06 etc. is transmit- 
ted from the EMD service center 302 to the SAM 305 1 
etc. Namely, the content data C is not comprised in the 

40 file format and is transmitted by a different route from 
that for the key file KF. 

[1 320] Also, as shown in Fig. 1 24, the content data C 
encrypted by the content key data Kc, the content key 
data Kc, and the usage control policy data 1 06 are trans- 

45 mitted from the content provider 301 to the service pro- 
vider 310 in a format not depending upon the commu- 
nication protocol. Also, the content data C, content key 
data Kc, usage control policy data 1 06, and the price tag 
data 312 are transmitted from the service provider 310 

so to the SAM 305 1 etc. Namely, the content data C, con- 
tent key data Kc, usage control policy data 1 06, and the 
price tag data 312 are transmitted not in the file format 
and by the same route. 

[1321] Also, as shown in Fig. 125, the content data C 
55 encrypted by the content key data Kc is transmitted from 
the content provider 301 to the service provider 310 in 
a format not depending upon the communication proto- 
col. Then, the content data C and the price tag data 312 
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are transmitted from the service provider 31 0 to the SAM 
305 1 etc. in a format not depending upon the communi- 
cation protocol. Also, the content key data Kc and the 
usage control policy data 106 are transmitted from the 
EMD service center 302 to the SAM 305 1 etc. Namely, 
the content data C, content key data Kc, and the usage 
control policy data 1 06 are transmitted not in the file for- 
mat and by different routes. 

12th modification of second embodiment 

[1322] In the EMD system 300 shown in Fig. 59 men- 
tioned above, for example, as shown in Fig. 126, the 
user home network 303 can distribute a secure contain- 
er 304A in accordance with the secure container 304 
received from the service provider 31 0 to the user home 
network 303a in response to a request S303a from a 
SAM of the user home network 303a too. 
[1323] In this case, it can be considered that the SAM 
of the user home network 303 functions in the same way 
as the service provider 3 1 0 explained in the second em- 
bodiment. 

[1324] In this case, the SAM of the user home network 
303a can uniquely newly set the price tag data 312. 
[1325] Then, the purchase form of the content data C 
is determined in the SAM of the user home network 
303a, and the usage log data 304a etc. in accordance 
with that are transmitted from the SAM of the user home 
network 303a to the EMD service center 302. 
[1326] In the EMD service center 302, based on the 
usage log data 304a, the settlement processing for dis- 
tributing the money paid by the user of the user home 
network 303a to the user of the content provider 301, 
service provider 31 0, and user home network 303 is car- 
ried out. 

[1327] Note that, the file inclusion size relationships 
of the secure containers in the present embodiment can 
be expressed as shown in Fig. 127. 

Third embodiment 

[1328] Figure 128 is a view for explaining the EMD 
system of a third embodiment of the present invention, 
while Fig. 129 is a functional block diagram of the EMD 
service center shown in Fig. 128. 
[1329] In Fig. 129, components given the same refer- 
ence numerals as those used in the above first embod- 
iment and second embodiment are the same as the 
components having the same reference numerals ex- 
plained in these embodiments. 

[1 330] In the EMD system of the present embodiment, 
the content provider 301 sends the master source (con- 
tent data) S1 1 1 etc. to the EMD service center 302, and 
for example the content file CF shown in Fig. 5A is pro- 
duced in the EMD service center 302. 
[1331] Also, the content provider 301 sends the con- 
tent ID, content key data Kc, and the electronic water- 
mark management information (contents of the elec- 



tronic watermark information buried in the content data) 
of the content data S1 1 1 , the identifier C P_ID of the con- 
tent provider 301 , the identifier SPJD of the service pro- 
vider 31 0, and the suggested retailer's price SRP of the 
5 content data to the EMD service center 302, and the key 
file KF shown in Fig, 5B is produced in the EMD service 
center 302. 

[1332] Also, the EMD service center 302 stores the 
produced content file CF in the CF database 802a, at- 
10 taches global unique content IDs to the individual con- 
tent files CF, and centrally manages them. Also, the 
EMD service center 302 stores the key file KF in the KF 
database 1 53a and centrally manages also this by using 
the content ID. 

1 $ [1 333] An explanation will be made of the processing 
in the EMD service center 302 by referring to Fig. 129. 
[1334] The EMD service center 302 stores the master 
source Sill received from the content provider 301 in the 
content master source database 801 . 

20 [1335] Next, in the electronic watermark information 
addition unit 112, the electronic watermark information 
indicated by the electronic watermark management in- 
formation received from the content provider301 is bur- 
ied in the master source S111 read out from the content 

25 master source database B1 0 to produce the content da- 
ta S112. 

[1336] Next, in the compression unit 113, the content 
data S112 is compressed to produce the content data 
S113. 

30 [1 337] The content data S1 1 2 is expanded at the ex- 
pansion unit 1 1 6 and then checked audially in the audial 
check unit 123. If necessary, the electronic watermark 
information is buried again by the electronic watermark 
information addition unit 112. 

35 [1338] Next, in the encryption unit 114, the content da- 
ta S1 13 is encrypted by using the content key data Kc 
to produce the content data S114. 
[1339] Next, in the CF preparation unit 802, the con- 
tent file CF shown in Fig. 5A storing the content data 

40 S114 etc. is produced, and the content file CF is stored 
in a CF database 802a. 

[1340] Also, in the EMD service center 302, in the KF 
preparation unit 153, the key file KF shown in Fig. 5B is 
produced, and the key file KF is stored in a KF database 
45 153a. 

[1341] Next, in the secure container preparation unit 
804, a secure container 806 storing the content file CF 
read out from the CF database 802a and the key file KF 
read out from the KF database 153a is produced, and 
so the secure container 806 is stored in the secure contain- 
er database 805. 

[1 342] Thereafter, the secure container database 805 
is accessed by the service provider 31 0, and the secure 
container 806 is supplied to the service provider 31 0. 
55 [1343] Next, the service provider 310 produces a se- 
cure container 807 storing the content file CF and key 
file KF stored in the secure container 806 and the price 
tag data 312 indicating the sales price of the content 
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data. 

[1344] Then, the service provider 310 distributes the 
secure container 807 to the user home network 303 by 
using the predetermined communication protocol and in 
a format not depending upon the related communication 5 
protocol or by storing the same in a storage medium. 
[1345] In the user home network 303, in the case of 
on-line, the secure container 807 is provided to the SAM 
305., etc. via the CA module 311, in the SAM 305 1 etc., 
the content key data Kc, usage control policy data 106, 
etc. stored in the key file KF are decrypted by using the 
distribution use key data KD 1 to KD 3 or the like, and the 
handling such as the purchase form of the content data 
stored in the content file CF is determined based on the 
decrypted usage control policy data 106. 
[1346] Also, in the SAM 305 1 etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1 347] Also, where the secure container 807 is distrib- 
uted from the SAM 305 2 of the user home network 303 
to the SAM 305! 2 of the user home network 303a, 
processing similar to that in the SAM 305 2 is carried out 
in the SAM 305 12 , and the usage log data 308 is trans- 
mitted from the SAM 305 12 to the EMD service center 
302. 

[1348] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 1 03 and 303 in the first embodiment and 
second embodiment mentioned above. 
[1349] Also, in the example shown in Fig. 128, the 
case where the secure container storing the content file 
CF and the key file KF was transmitted from the EMD 
service center 302 to the service provider 31 0 and from 
the service provider 31 0 to the user home network 303 
(the case of in-band) was exemplified, but it is also pos- 
sible to separately transmit the content file CF and the 
key file KF by the same route (the case of out-of-band). 
[1350] Also, as shown in Fig. 130, it is also possible 
if the content file CF produced in the EMD service center 
302 is supplied to the service provider 310, the service 
provider 310 supplies the content file CF to the user 
home network 303 and, at the same time, the key file 
KF produced in the EMD service center 302 is supplied 
from the EMD service center 302 to the SAM 305 2 and 
SAM 305 12 of the user home networks 303 and 303a. 

Fourth embodiment 

[1351] Figure 131 is a view for explaining the EMD 
system of a fourth embodiment of the present invention. 
[1352] In the EMD system of the present embodiment, 
the content provider 301 produces for example the con- 
tent file CF shown in Fig. 5A and sends this to the EMD 
service center 302. 

[1353] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 



tronic watermark management information (contents of 
the electronic watermark information to be buried in the 
content data and the burial position information), iden- 
tifier CPJD of the content provider 301 , identifier SP_ID 
of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to the EMD service center 302, and the key file KF 
shown in Fig. 5B is produced in the EMD service center 
302. 

[1 354] Also, the EMD service center 302 stores the 
contentf ile CF in the database 802a, attaches the global 
unique content IDs to individual content files CF, and 
centrally manages them. Also, the EMD service center 
302 stores the produced key file KF in the KF database 
153a and centrally manages it by using the content ID, 
[1355] Also, in the EMD service center 302, the se- 
cure container 806 storing the content file CF read out 
from the CF database 802a and the key file KF read out 
from the KF database 153a is produced, and the secure 
container 806 is stored in the secure container data- 
base. 

[1356] Thereafter, the secure container database is 
accessed by the service provider 310 and the secure 
container 806 is supplied to the service provider 310. 
[1 357] Next, the service provider 310 produces a se- 
cure container 807 storing the content file CF and key 
file KF stored in the secure container 806 and the price 
tag data 312 indicating the sales price of the content 
data. 

[1358] Then, the service provider 31 0 distributes the 
secure container 807 to the user home network 303 by 
using a predetermined communication protocol in a for- 
mat not depending upon the related communication pro- 
tocol or by storing the same in a storage medium. 
[1359] In the user home network 303, in the case of 
on-line, the secure container 807 is provided to the SAM 
305-, etc. via the CA module 311 , in the SAM 305., etc., 
the content key data Kc and usage control policy data 
106 etc. stored in the key file KF are decrypted by using 
the distribution use key data KD., to KD 3i and the han- 
dling such as the purchase form of the content data 
stored in the content file CF is determined based on the 
decrypted usage control policy data 106. 
[1360] Also, in the SAM 305 1 etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1 361 ] Also, where the secure container 807 is distrib- 
uted from the SAM 305 2 of the user home network 303 
to the SAM 305 12 of the user home network 303a, 
processing similar to that of the SAM 305 2 is carried out 
in the SAM 305 12 , and the usage log data 308 is trans- 
mitted from the SAM 305 12 to the EMD service center 
302. 

[1362] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 1 03 and 303 in the first embodiment and 
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second embodiment mentioned above, 
[1363] Also, in the example shown in Fig. 131, the 
case where the secure container storing the content file 
CF and the key file KF was transmitted from the EMD 
service center 302 to the service provider 31 0 and from 
the service provider 31 0 to the user home network 303 
(the case of in-band) was exemplified, but it is also pos- 
sible to separately transmit the content file CF and the 
key file KF by the same route (the case of out-of-band). 
[1364] Also, as shown in Fig. 132, it is also possible 
if the content file CF is supplied from the EMD service 
center 302 to the service provider 310, the service pro- 
vider 31 0 supplies the content file CF to the user home 
network 303 and, at the same time, the key file KF pro- 
duced in the EMD service center 302 is supplied from 
the EMD service center 302 to the SAM 305 2 and 
SAM305 12 of the user home networks 303 and 303a. 

Fifth embodiment 

[1365] Figure 133 is a view for explaining the EMD 
system of a fifth embodiment of the present invention. 
[1366] In the EMD system of the present embodiment, 
the content provider 301 produces for example the con- 
tent fiie CF shown in Fig. 5A. 

[1367] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
tronic watermark management information (contents of 
the electronic watermark information to be buried in the 
content data and the burial position information), iden- 
tifier CP JD of the content provider 301 , identifier SPJD 
of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to the EMD service center 302, and the key file KF 
shown in Fig. 5B is produced in the EMD service center 
302. 

[1368] The EMD service center 302 sends the pro- 
duced key files KF to the content provider 301 . 
[1369] Also, the EMD service center 302 stores the 
key files KF in the KF database 1 53a and centrally man- 
ages the key files KF by using the content ID allocated 
to individual content data. At this time, the content ID is 
produced by for example the EMD service center 302 
and globally uniquely determined for all of the content 
data provided by a plurality of content providers 301 . 
[1370] Next, in the content provider 301, a secure 
container 821 storing the produced content files CF and 
the key files KF received from the EMD service center 
302 is produced, and the secure container 821 is stored 
in a common database 820. 

[1371] In the common database 820, secure contain- 
ers 821 provided by a plurality of content providers 301 
are centrally managed by using the content ID. 
[1372] The service provider 310 browses (searches 
through) the common database 820 by using for exam- 
ple the content ID, receives the intended secure con- 
tainer 821 from the common database 820, produces a 
secure container 822 obtained by further storing the 



price tag data 312 indicating the sales price of the con- 
tent etc. in the secure container 821 , and distributes the 
secure container 822 to the user home network 303. 
[1 373] In the user home network 303, the secure con- 

5 tainer 822 is provided to the SAM 305 1 etc. via the CA 
module 311 in the case of on-line, in the SAM 305-, etc., 
the content key data Kc and the usage control policy 
data 1 06 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD 1 to KD 3 or the 

10 like, and the handling such as the purchase form of the 
content data stored in the content files CF is determined 
based on the decrypted usage control policy data 1 06. 
[1 374] Also, in the SAM 305 1 , etc., the usage log data 
308 indicating the purchase log etc. of the content data 

is is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

[1375] Also, where the secure container 822 is distrib- 
uted from the SAM 305 2 of the user home network 303 
to the SAM 305 12 of the user home network 303a, 
20 processing similar to that in the SAM 305 2 is carried out 
in the SAM 305 12 , and the usage log data 308 is trans- 
mitted from the SAM 305 12 to the EMD service center 
302. 

[1 376] Note that, the processings with respect to the 
25 secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 103 and 303 in the above first embodi- 
ment and the second embodiment. 
[1377] Also, in the example shown in Fig. 133, the 
30 case where the secure containers storing the content 
files CF and the key files KF were sent from the content 
provider 301 to the common database 820, from the 
common database 820 to the service provider 31 0 : and 
from the service provider 310 to the user home network 
35 303 (the case of in-band) was exemplified, but it is also 
possible to separately transmit the content files CF and 
the key files KF by the same route (the case of out-of- 
band). 

[1378] Also, as shown in Fig. 134, it is also possible 
40 jf the content files CF are stored in the common data- 
base 820 from the content providers 301 , the service 
provider 31 0 obtains the content files CF from the com- 
mon database 820 and, at the same time, the key files 
KF are sent from the EMD service center 302 to the serv- 
es ice provider 310. In this case, the service provider 310 
produces the secure container 822 by storing the con- 
tent files CF obtained from the common database 820, 
the key files KF obtained from the EMD service center 
302, and the price tag data 31 2. 
50 [1 379] The common database 820 centrally manages 
the content files CF by using the content IDs globally 
uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1380] Also, as shown in Fig. 135, it is also possible 
55 if the key files KF produced by the EMD service center 
302 are sent to the SAMs 305^ 305 12 , etc. of the user 
home networks 303 and 303a. In this case, the service 
provider 31 0 distributes the content files CF to the user 
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home network 303. 

[1381] The price tag data 312 may be distributed to 
the user home network 303 by the service provider 31 0 
too or may be distributed to the user home networks 303 
and 303a by the EMD service center 302 too. 

Sixth embodiment 

[1382] Figure 136 is a view for explaining the EMD 
system of a sixth embodiment of the present invention. 
[1383] When compared with the EMD system shown 
in Fig. 133 mentioned above, the EMD system of the 
present embodiment is different in the characteristic fea- 
tures that a plurality of EMD service centers 302 are pro- 
vided and that the content provider 301 performs the 
charge processing etc. with the corresponding EMD 
service centers 302, but is substantially the same in 
points other than that. 

[1384] The content provider 301 produces for exam- 
ple the content file CF shown in Fig. 5A. 
[1385] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
tronic watermark management information (contents of 
the electronic watermark information to be buried in the 
content data and the burial position information), iden- 
tifier CPJD of the content provider 301 , identifier SP JD 
of the service provider 310 providing the content data, 
and the suggested retailer's price SRP of the content 
data to one EMD service center 302 selected by itself 
(or determined in advance) among a plurality of EMD 
service centers 302, and the key file KF shown in Fig. 
5B is produced in the EMD service center 302. 
[1386] Also, the EMD service center 302 sends the 
produced key files KF to the corresponding content pro- 
vider 301. 

[1387] Also, the EMD service center 302 stores the 
key files KF in the KF database 1 53a and centrally man- 
ages the key files KF by using the content IDs allocated 
to individual content data. At this time, the content IDs 
are produced by for example the EMD service center 
302 and globally uniquely determinedforthe content da- 
ta corresponding to all secure containers 831 stored in 
the common database 830. 

[1388] Next, in the content provider 301, a secure 
container 831 storing the produced content files CF and 
the key files KF received from the EMD service center 
302 is produced, and the secure container 831 is stored 
in a common database 820. 

[1389] In the common database 830, secure contain- 
ers 831 provided by a plurality of content providers 301 
are centrally managed by using the content IDs. 
[1390] The service provider 310 browses (searches 
through) the common database 820 by using for exam- 
ple the content ID, receives the intended secure con- 
tainer 831 from the common database 820, produces a 
secure container 832 obtained by further storing for ex- 
ample the price tag data 312 indicating the sales price 
of the content in the secure container 831, and distrib- 



utes the secure container 832 to the user home network 
303. 

[1391] In the user home network 303, the secure con- 
tainer 832 is provided to the SAM 305! etc. via the CA 
s module 311 in the case of on-line, in the SAM 305! etc., 
the content key data Kc and the usage control policy 
data 1 06 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD-, to KD 3 or the 
like, and the handling such as the purchase form of the 
10 content data stored in the content files CF is determined 
based on the decrypted usage control policy data 1 06. 
[1392] Also, in the SAM 305! etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
is to the EMD service center 302. 

[1 393] Also, where the secure container 822 is distrib- 
uted from the SAM 305 2 of the user home network 303 
to the SAM 305 12 of the user home network 303a 3 
processing similar to that in the SAM 305 2 is carried out 
in the SAM 305 12 , and the usage log data 308 is trans- 
mitted from the SAM 305 12 to the EMD service center 
302. 

[1394] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 
home networks 103 and 303 in the above first embodi- 
ment and the second embodiment. 
[1395] Also, in the example shown in Fig. 136, the 
case where the secure containers storing the content 
files CF and the key files KF were sent from the content 
provider 301 to the common database 830, from the 
common database 830 to the service provider 31 0 : and 
from the service provider 31 0 to the user home network 
303 (the case of in-band) was exemplified, but it is also 
possible to separately transmit the content files CF and 
the key files KF by the same route (the case of out-of- 
band). 

[1396] Also, as shown in Fig. 137, it is also possible 
if the content files CF are stored in the common data- 
base 830 from the content providers 301 , the service 
provider 31 0 obtains the content files CF from the com- 
mon database 830 and, at the same time, the key files 
KF are sent from the EM D service center 302 to the serv- 
ice provider 310. At this time, the key file KF is sent to 
the content provider 301 from the EMD service center 
302 corresponding to the content provider301 produced 
the content file CF obtained by the service provider 310. 
[1 397] The service provider 31 0 stores the content file 
CF obtained from the common database 830, the key 
file KF obtained from the EMD service center 302, and 
the price tag data 312 to produce the secure container 
832. 

[1 398] The common database 830 centrally manages 
the content files CF by using the content IDs globally 
uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1399] Also, as shown in Fig. 138, it is also possible 
if the key files KF produced by the EMD service center 
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302 are sent to the SAMs 305.,, 305 12 , etc. of the user 
home networks 303 and 303a. Also at this time, the key 
files KF are sent to the SAMs 305 1 , 305 12? etc. from the 
EMD service center 302 corresponding to the content 
providers 301 preparing the content files CF provided to 
the SAM 305 v 305 12 , etc. 

[1400] Also, the service provider 310 distributes the 
content files CF to the user home network 303. The price 
tag data 312 may be distributed by the service provider 
310 to the user home network 303 too or may be dis- 
tributed by the EMD service center 302 to the user home 
networks 303 and 303a. 

Seventh embodiment 

[1401] Figure 139 is a view for explaining the EMD 
system of a seventh embodiment of the present inven- 
tion. 

[1402] The EMD system of the present embodiment 
is different when compared with the EMD system shown 
in Fig. 136 mentioned above in the point that the master 
source S111 of the content data is sent from the content 
provider 301 to the EMD service center 302 and the con- 
tent file CF is produced in the EMD service center 302. 
The points other than that are substantially the same. 
[1403] The content provider 301 sends the master 
source S111 of the content data to one EMD service 
center 302 selected by itself (or determined in advance) 
among a plurality of EMD service centers 302, and the 
content file CF shown in Fig. 5A is produced in the EMD 
service center 302. 

[1404] The EMD service center 302 sends the pro- 
duced content file CF to the corresponding content pro- 
vider 301 . 

[1405] Also, the content provider 301 sends the con- 
tent ID of the content data, content key data Kc, elec- 
tronic watermark management information (contents of 
the electronic watermark information buried in the con- 
tent data), identifier CPJD of the content provider 301 , 
identifierSP_IDoftheserviceprovider310providingthe 
content data, and the suggested retailer's price data 
SRP of the content data to the above one corresponding 
EMD service center 302, and the key file KF shown in 
Fig. 5B is produced in the EMD service center 302. 
[1406] The EMD service center 302 sends the pro- 
duced key file KF to the corresponding content provider 
301. 

[1407] Also, the EMD service center 302 stores the 
content files CF in the CF database 802a, stores the key 
files KF in the KF database 1 53a, and centrally manages 
the content files CF and the key files KF by using the 
content IDs allocated to the individual content data. At 
this time, the content IDs are produced by for example 
the EMD service center 302 and globally uniquely de- 
termined for the content data corresponding to all se- 
cure containers 831 stored in the common database 
840. 

[1408] Next, in the content provider 301, a secure 



container 841 storing the content file CF and the key file 
KF received from the corresponding EMD service center 
302 is produced, and the secure container 841 is stored 
in the common database 840. 

5 [1 409] In the common database 840, secure contain- 
ers 841 provided by a plurality of content providers 301 
are centrally managed by using the content ID. 
[1410] The service provider 310 browses (searches 
through) the common database 840 by using for exam- 

to pie the content ID, receives the intended secure con- 
tainer 841 from the common database 840, produces a 
secure container 842 obtained by further storing for ex- 
ample the price tag data 312 indicating the sales price 
of the content in the secure container 841 , and distrib- 

15 utes the secure container 842 to the user home network 
303. 

[1 41 1 ] In the user home network 303, the secure con- 
tainer 842 is provided to the SAM 305 1 etc. via the CA 
module 311 in the case of on-line, in the SAM 305 1 etc., 

20 the content key data Kc and the usage control policy 
data 1 06 etc. stored in the key files KF are decrypted by 
using the distribution use key data KD 1 to KD 3 or the 
like, and the handling such as the purchase form of the 
content data stored in the content files CF is determined 

25 based on the decrypted usage control policy data 1 06. 
[1412] Also, in the SAM 305 1 etc., the usage log data 
308 indicating the purchase log etc. of the content data 
is produced, and the usage log data 308 is transmitted 
to the EMD service center 302. 

30 [1413] Also, where the securecontainer 822 is distrib- 
uted from the SAM 305 2 of the user home network 303 
to the SAM 305 12 of the user home network 303a, 
processing similar to that in the SAM 305 2 is carried out 
in the SAM 305 12 , and the usage log data 308 is trans- 

35 mitted from the SAM 305 12 to the EMD service center 
302. 

[1 414] Note that, the processings with respect to the 
secure container 807 in the user home networks 303 
and 303a are the same as the processings in the user 

40 home networks 1 03 and 303 in the above first embodi- 
ment and the second embodiment. 
[1415] Also, in the example shown in Fig. 139, the 
case where the secure containers storing the content 
files C F and the key files KF were sent from the content 

^ provider 301 to the common database 840, from the 
common database 840 to the service provider 31 0 : and 
from the service provider 31 0 to the user home network 
303 (the case of in-band) was exemplified, but it is also 
possible to separately transmit the content files CF and 

50 the key files KF by the same route (the case of out-of- 
band). 

[1416] Also, as shown in Fig. 140, it is also possible 
if the content files CF are stored in the common data- 
base 830 from the content providers 301 , the service 
55 provider 31 0 obtains the content files CF from the com- 
mon database 840 and, at the same time, the key files 
KF are sent from the EMD service center 302 to the serv- 
ice provider 310. At this time, the key files KF are sent 
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to the content provider 301 from the EMD service center 
302 corresponding to the content providers 301 prepar- 
ing the content files CF obtained by the service provider 
310. 

[1 41 7] The service provider 3 1 0 stores the content file 
CF obtained from the common database 840, the key 
file KF obtained from the EMD service center 302, and 
the price tag data 312 to produce the secure container 
842. 

[1 41 8] The common database 830 centrally manages 
the content files CF by using the content IDs globally 
uniquely attached to the content data provided by a plu- 
rality of content providers 301 . 

[1419] Also, as shown in Fig. 141, it is also possible 
if the key files KF produced by the EMD service center 
302 are sent to the SAMs 305.,, 305 12 , etc. of the user 
home networks 303 and 303a. Also at this time, the key 
files KF are sent to the SAMs 305 1 , 305 12 , etc. from the 
EMD service center 302 corresponding to the content 
providers 301 preparing the content files CF provided to 
the SAMs 305^ 305 12) etc. 

[1420] Also, the service provider 310 distributes the 
content files CF to the user home network 303. The price 
tag data 312 may be distributed by the service provider 
310 to the user home network 303 too or may be dis- 
tributed by the EMD service center 302 to the user home 
networks 303 and 303a. 

Eighth embodiment 

[1421] Figure 142 is a view for explaining the EMD 
system of an eighth embodiment of the present inven- 
tion. 

[1 422] In the EMD system of the present embodiment, 
for example, the content file CF shown in Fig. 5A pro- 
duced by the EMD service center 302 by using the mas- 
ter source provided from the content provider 301 to the 
EMD service center 302 or the content file CF shown in 
Fig. 5A produced by the content provider 301 and pro- 
vided to the EMD service center 302 and the key file KF 
shown in Fig. 5B produced by the EMD service center 

302 are distributed by the EMD service center 302 via 
the service provider 310 or directly to the SAM 305-, of 
the user home network 303. 

[1 423] Here : the service provider 31 0 sends the price 
tag data312 indicating the sales price of the content file 
CFto the user home network 303 and, at the same time, 
registers and authenticates the price tag data 31 2 in the 
EMD service center 302. 

[1424] Also, the service provider 310 registers itseff 
in the EMD service center 302 as the distribution busi- 
ness. 

[1 425] In the EMD system of the present embodiment, 
for example, the SAM 305., of the user home network 

303 becomes the distribution business for distributing 
the content files CF and key files KF obtained from the 
service provider 310 or the EMD service center 302 to 
the SAM 305 2 in the user home network 303 and/or SAM 



305 12 etc. in the user home network 303a. 
[1 426] Note, in this case, for example, the EMD serv- 
ice center 302 prohibits selling (redistributing) the pur- 
chased content data C while adding a certain sales mar- 
5 gin to obtain a profit after the SAM 305., purchases the 
content data C stored in the content file CF. 
[1 427] In the EM D system of the present embodiment, 
it is permitted to the SAM 305., to copy the content data 
C to another SAM under the condition that content data 
for which the purchase form is not determined or content 
data C for which reproduction charge is determined as 
the purchase form is redistributed without a sale profit 
margin. Note that, this will be referred to as inter-appa- 
ratus redistribution. 

[1 428] Also, in the EMD system of the present embod- 
iment, inter-apparatus trade in a form without a sale 
profit margin is permitted for a content file CF (or secure 
container) distributed from the service provider 310 to 
the SAM 305 v 

[1429] Also, in the present embodiment, where the 
SAM 305., performs sells (distributes) the content data 
C in a form taking a sales profit margin, the SAM 305., 
registers itself in the EMD service center 302 as distri- 
bution business and receives permission and, at the 
same time, registers the price tag data 312 indicating 
the sales price of the content data C in the EMD service 
center 302. Then, it directly receives the content file CF 
and the key file KF from the CF database 802a and the 
KF database 153a in the EMD service center 302 not 
via the service provider 31 0. 

Ninth embodiment 

[1430] Figure 143 is a view for explaining the EMD 
system of a ninth embodiment of the present invention. 
[1 431 ] In the EM D system of the present embodiment, 
the characteristic feature resides in that each of the con- 
tent providers 301 functions as an EMD service center 
302 in addition functioning as a content provider. 
[1 432] In this case, where there are a plurality of con- 
tent providers, each content provider 301 functions as 
an EMD service center 302. 

[1433] A content provider 301 distributes a secure 
container 851 storing the content file CF and the key file 
KF to the service provider 31 0. 

[1 434] The service provider 310 further adds the price 
tag data 312 to the content file CF and the key file KF 
stored by the secure container 851 to produce a secure 
container 852 and distributes this to the user home net- 
work 303. 

[1435] In the user home networks 303 and 303a, the 
purchase form etc. of the content file CF are determined 
based on the usage control policy data 1 06 stored in the 
key file KF, the usage log data 308 in accordance with 
that is produced, and this is transmitted to the EMD serv- 
ice center 302 in the content provider 301 . 
[1 436] At this time, the usage log data 308 is produced 
for every content provider 301 . 
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[1437] The EMD service center 302 of the content 
provider 301 distributes the profit paid by the users of 
the SAMs 305 1 and 305 12 with the corresponding serv- 
ice provider 310 based on the usage log data 308. 
[1438] Also, the log data concerning the distribution 
service is sent from the CA module 31 1 of the user home 
network 303 to the corresponding service provider 31 0, 
whereby the charge processing with respect to the dis- 
tribution service is carried out in the service provider 
310. 

[1439] The present invention is not limited to the 
above embodiments. 

[1 440] In the above embodiments, the case where au- 
dio data was used as the content data was exemplified, 
but it is also possible to use video data, audio and/or 
video data, text data, and a computer program or the 
like as the content data. 

[1441] Also, in the above embodiments, the case 
where the key files KF were produced in the EMD serv- 
ice centers 102 and 302 was exemplified, but it is also 
possible to produce the key files KF in the content pro- 
viders 101 and 301 . 

[1442] In this case, the format of the key file KF cor- 
responding to Fig. 7 becomes as shown in Fig. 144. As 
shown in Fig. 144, the related key file KF has basically 
the same information as the key file KF shown in Fig. 7 
except that signature data produced by using the secret 
key data Kcpg of the content providers 1 01 and 301 are 
used. 

[1443] Also, in the above embodiments, the case 
where the usage control status data 166 is transmitted 
from the user home networks 103 and 303 to the EMD 
service centers 102 and 302 in real time was exempli- 
fied, but it is also possible if the usage control status 
data 1 66 is transmitted to the content providers 1 01 and 
301 and/or service provider 310. By this, the content 
providers 101 and 301 and the service provider 310 can 
quickly grasp the purchase situation of the contents pro- 
vided and distributed by themselves and can reflect the 
same in their service thereafter. 

[1444] Below, effects by the EMD system of the above 
embodiments will be explained again while mentioning 
the related art and the problems thereof. 
[1445] With the ROM type storage media which had 
been used as the means for distributing digital content 
(content data) in the days when digital broadcasts (data 
broadcasts) and the Internet and other digital networks 
were not so developed, the digital content was stored 
and distributed in an unencryped state. In the days when 
the digital network was not so developed, it was enough 
to consider methods for preventing casual copying by 
users on the user home network for the protection of the 
copyrights of these contents. 

[1446] In recent days where the digital network has 
been developed, however, since ROM type storage me- 
dia carrying unencrypted content can be obtained by 
general citizens anytime and everywhere, any individual 
can purchase one and easily compress and upload the 



data on the network. Particularly, the Internet is a net- 
work connecting the entire world. Therefore, it becomes 
possible to freely upload the unencrypted content on the 
Internet and for people to download it on their own per- 
5 sonal terminals. Accordingly, there has arisen a possi- 
bility of serious infringement of the copyrights of the 
owners of the content (content providers). 
[1447] Further, it also becomes possible for people 
not to upload the content in the unencrypted state, but 
10 to bury electronic watermark information of their own in 
that content, encrypt the data, and charge for the data 
on their own and thereby deliberately sell the digital con- 
tent on the Internet behind the scenes without the per- 
mission of the copyright owner. At this time, since a 
*5 share of the sales is not returned to the owner of the 
content, the copyright of the owner of the content (con- 
tent providers) will be seriously infringed. 
[1448] Also, by getting the permission of the copyright 
owner and concluding a contract for returning part of the 

20 sales to the owner of content (content provider) in ad- 
vance, it becomes possible to offer a distribution service 
capable of generating profit by distributing the digital 
content, but basically the content provider does not fa- 
vor circulation by such a secondary usage of content. 

25 Rental, secondhand sale, etc. are other types of busi- 
ness by secondary usage of the content, 
[1449] When a distribution service by secondary us- 
age appears, the problem of infringement of copyrights 
is sure to occur, so a long time is taken for setting up 

30 the service in the right direction. The distribution service 
ends up being first started without establishing a con- 
tract with the content provider. After the problem of in- 
fringement of copyrights occurs, the distribution of profit 
to the owners and protection of the copyrights start to 

35 be considered and permission as the distribution service 
is obtained. The rental CD and the rental video busi- 
nesses correspond to this. The secondhand sale of 
game software etc. is a serious problem. In the second- 
hand sale of game software, part of the profit from the 
sales is not returned to the owners of the content. The 
owners have brought court actions against this, but 
these have been dismissed. This is very hard on the 
owners. Secondhand game software is sold in large vol- 
umes with a price of half or less of new software, there- 

45 fore the market is very attractive for the users and a large 
influence is exerted upon the sale of new software. 
[1 450] Secondary usage of content means when a us- 
er who purchases a ROM type storage medium on 
which digital content has been already stored by the 

50 owner of the content using the ROM type storage me- 
dium distributed as a circulating means to obtain a profit 
further circulates the product. The fact that the purchas- 
ing user obtains a profit is not considered desirable from 
the standpoint of the (content provider) owner even if 

55 part of the profit is returned to it. With movie content etc. , 
the owner of the content is protected by law in the form 
of recording rights/distribution rights. When purchasing 
content which an owner circulates in the public, the as- 
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sumption is that it not be circulated further from the pur- 
chasing user. Groups of owners of game software have 
raised suits at courts to suppress secondary usage busi- 
nesses attempting to apply such distribution right to 
game software as well. 

[1 451 ] Owners of content want to get distributors dis- 
tributing digital content which they hold copyrights to un- 
der their control (they would like to know to whom the 
content is being distributed to). When there is a distrib- 
utor desiring to distribute digital content to which one 
holds a copyright so as to provide a distribution service 
and make a profit, a system is desirable by which the 
owner of the content can directly supply the digital con- 
tent. 

[1 452] Note that the distributor spoken of here desig- 
nates a business that obtains a profit by collecting the 
profit margin of a few percent with respect to the price 
of the digital content. 

[1 453] A case where a profit margin is collected when 
delivering digital content to another apparatus/storage 
medium is defined as a content trade session distribu- 
tion service, while a case where a profit margin is not 
collected is defined as inter-apparatus redistribution. 
The latter is legal under the principle of supra-distribu- 
tion. 

[1454] In the current system for management of dis- 
tribution of digital content over the network where the 
service provider authors the content of its own distribu- 
tion service from a ROM type storage medium storing 
unencrypted content circulated by the content provider 
for a distribution service, when considering the situation 
where one digital content owned by the content provider 
is distributed by a plurality of service providers, irrespec- 
tive of the fact that it is identical content, authoring is 
carried out so that the rights are cleared by a CA module/ 
electronic settlement tool employed by each service 
provider. Therefore, the formats of the encryption key 
(content key data) to be used and the licensing condi- 
tions of the content (usage control policy data) are dif- 
ferent according to each service provider, so common 
rights clearing rules cannot be provided on the user 
home network. In such a case, by settling up for all of 
the key data used by the CA modules/electronic settle- 
ment tools by the CA modules/electronic settlement 
tools of the network apparatuses and then following the 
SCMS rules, common rights clearing rules can be real- 
ized on the user home network. 

[1455] Also, even if the content encrypted by the key 
of a CA module/electronic settlement tool and the key 
data are passed through the network apparatus as they 
are and stored on a storage medium of the storage ap- 
paratus via the user home network bus (IEEE1394 or 
the like) and the purchase and settlement processing of 
the content can be performed remotely through the net- 
work apparatus from an apparatus connected to the 
1394 bus, since there is a descrambler for decrypting 
the encrypted content in the network apparatus, in the 
end, reproduction cannot be carried out unless the con- 



tent and the key data are returned back to the network 
apparatus at the time of reproduction (network CA). 
[1 456] As explained above, the existence of the ROM 
type storage medium storing unencrypted content, 

5 which has been widely circulated in the world up to the 
present, is at the root of the problem for current digital 
content network distribution services. This is a system 
where the form of the digital content can be produced 
by a person other than the content provider and where 

10 a person selling the content to a user can obtain pay- 
ment for it. Therefore, the profit of the content provider 
is illegitimately infringed by_secondary usage of the 
content. Also, the distribution of the authored digital con- 
tent is not strictly managed by the content provider, 

'5 therefore it is difficult to monitor all profits earned by the 
digital content which it holds a copyright to and if its 
share of the profits is being returned to it. 
[1457] The EMD system of the embodiments ex- 
plained above solves the conventional problems men- 

20 tioned above. 

[1 458] Namely, in the EMD system of the present em- 
bodiment, the digital contents authored by the content 
provider are all managed in a database on the content 
provider side by preparing content format and usage 

25 control policy data on the content provider side. The us- 
age control policy data of the content is further authen- 
ticated and registered in the EMD service center (clear- 
inghouse) as a third party reliable authority manager. 
[1 459] By doing this, the interested parties of the con- 

30 tent provider can place the rights clearing rules of the 
digital content completely under their control and man- 
age the distribution channels at the content provider 
side. Also, in the present case, steps are taken so that 
a distributor interposed between the user cannot seethe 

35 content of the data of the usage control policy produced 
at the content provider side. 

[1460] Also, in the EMD system of the present embod- 
iment, the ROM type storage medium is considered as 
one means of distribution and the existence of the digital 

40 content stored there is freed from the ROM type storage 
medium. A content format having value of existence by 
solely digital content without regard as to means of dis- 
tribution and channels of distribution is proposed. The 
digital content is managed in a certain prescribed format 

45 on the content provider side. Therefore, by considering 
the mounting of the digital content of that format in a 
ROM type storage medium, whether the content is cir- 
culated as a ROM type storage medium or circulated 
over a digital network, it becomes possible to provide 

so common rights clearing rules for ROM -> RAM and for 
network -> RAM on the user home network. This is pro- 
vided so that sale sessions of the digital content are all 
defined and managed by the content provider. Due to 
this, common rights clearing not depending on the 

55 means of distribution or the channel of distribution be- 
comes possible. Also, by stipulating this format of con- 
tent defined at the content provider side as the minimum 
unit for trading the digital content, common rights clear- 
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ing rules can be provided without regard as to the type 
of the content format used in the subsequent distribution 
process. By returning the charge information produced 
at the time of purchase at the user home network not to 
the service provider, but to the EMD service center as 
a third party reliable authority manager and returning it 
therefrom to the service provider, the problems of the 
business of secondary usage of content were solved. 
[1461] As explained above, according to the present 
invention, it becomes possible to handling data in the 
data processing device of the content data provided by 
the data providing apparatus based on the usage control 
policy data of the data providing apparatus, 
[1 462] As a result, it becomes possible to suitably pro- 
tect profit according to the content data by the interested 
party of the data providing apparatus and, at the same 
time, the load of the inspection by the related interested 
party can be reduced. 



Claims 



said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data ; and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said content data based on the re- 
lated decrypted usage control policy data. 



2. 



10 



15 



20 



1 . A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 25 
apparatus and said data processing apparatus by 
a management apparatus, wherein 



30 



35 



40 



A data providing system as set forth in claim 1, 
wherein said management apparatus adds signa- 
ture data for verification of the legitimacy of the pro- 
ducer of the key file to the key file. 45 

A data providing system as set forth in claim 1, 
wherein said data providing apparatus prepares a 
content file storing the content data and provides 
the content file to the data processing apparatus. so 

A data providing system as set forth in claim 3, 
wherein said data providing apparatus adds signa- 
ture data for verification of the legitimacy of the pro- 
ducer of the content file to the content file. 55 



5. A data providing system as set forth in claim 1, 
wherein 



the data providing apparatus prepares usage 
control policy data and sends it to said manage- 
ment apparatus, 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus based on the received log da- 
ta. 

A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

A data providing system as set forth in claim 6, 
wherein said management apparatus generates 
signature data for verifying the legitimacy of the pro- 
ducer of the key file and prepares the key file further 
storing that signature data. 

A data providing system as set forth in claim 6, 
wherein 

the data providing apparatus generates said 
content key data and usage control policy data 
and sends them to said management appara- 
tus and 

said management apparatus prepares said key 
file based on said received content key data 
and usage control policy data and registers the 
prepared key file. 
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9. A data providing system as set forth in claim 7, 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 
utes said module further storing the signature data 
to said data processing apparatus. 

10. A data providing system as set forth in claim 9, 
wherein said data processing apparatus verifies the 
signature data stored in the module to verify at least 
one of the legitimacy of a producer and distributor 
of the content file and a producer and distributor of 
the key file. . 

11. A data providing system as set forth in claim 6, 
wherein said management apparatus 

prepares said key file storing said content key 
file and said usage control policy data encrypt- 
ed using distribution use key data and 
distributes said distribution use key data to said 
data processing apparatus. 

12. A data providing system as set forth in claim 6, 
wherein said management apparatus and said data 
processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of corresponding 
periods. 

13. A data providing system as set forth in claim 11, 
wherein 

said data providing apparatus prepares signa- 
ture data using its own secret key data and 
said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 
data corresponding to said secret key data. 

1 4. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing a content file containing content 
data encrypted by using said content key data 
and the key file received from said manage- 
ment apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 



data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

5 

1 5. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 

10 a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
15 handling of said content data, 

said data providing apparatus individually dis- 
tributes the content file storing the content data 
encrypted by using said content key data and 
said key file received from said management 
20 apparatus to said data processing apparatus, 

and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
25 termines the handling of the content data stored 

in said distributed content file based on the re- 
lated decrypted usage control policy data. 

16. A data providing system for distributing content data 
30 from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

35 said management apparatus prepares a key 

file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data and distributes 
the related prepared key file to said data 
*o processing apparatus, 

said data providing apparatus distributes a con- 
tent file storing the content data encrypted by 
using said content key data to said data 
processing apparatus, and 
45 said data processing apparatus decrypts said 

content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
50 fated decrypted usage control policy data. 

1 7. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 

55 apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
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file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 
said data providing apparatus distributes a 
module storing the content data encrypted by 5 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 10 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

15 

1 8. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 

a management apparatus, wherein 20 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating 
handling of said content data, 25 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
processing apparatus, and 30 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 35 
control policy data. 

1 9. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 40 
apparatus and said data processing apparatus by 

a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 45 
crypted usage control policy data indicating 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data processing apparatus distributes the so 
content data encrypted by using said content 
key data to said data processing apparatus, 
and 

said data processing apparatus decrypts said 
content key data and said usage control policy 55 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 



control policy data. 

20. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating handling of said con- 
tent data, 

said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data, said encrypted content 
key data received from said management ap- 
paratus, and said encrypted usage control pol- 
icy data to said data processing apparatus, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and determines the handling 
of the content data stored in said distributed 
content file based on the related decrypted us- 
age control policy data. 

21 . A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating handling of said con- 
tent data and distributes the same to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data processing apparatus, 
and 

said data processing apparatus decrypts said 
distributed, content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

22. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a data 
processing apparatus, and a management appara- 
tus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data, 
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said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus , and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

23. A data providing system as set forth in claim 22, 
wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
said content key data, said encrypted content 
key data, and encrypted usage control policy 
data showing the handling of the content data 
to said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data , and usage control policy 
data stored in said received first module to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 

24. A data providing system as set forth in claim 22, 
wherein said data distribution apparatus prepares 
a second module including said provided first mod- 
ule and distributes the prepared second module to 
said data processing apparatus. 

25. A data providing system as set forth in claim 22, 
wherein said data distribution apparatus distributes 
said second module further storing price data show- 
ing the price of the content data to said data 
processing apparatus. 

26. A data providing system as set forth in claim 25, 
wherein said data distribution apparatus deter- 
mines the price data based on a wholesale price 
determined for said content data by said data pro- 
viding apparatus. 

27. A data providing system as set forth in claim 22, 
wherein said data providing apparatus provides a 
first module further storing signature data for veri- 
fying the legitimacy of a producer and transmitter of 
at least one data of the content data, content key 
data, and usage control policy data to said data dis- 
tribution apparatus. 

28. A data providing system as set forth in claim 22, 



wherein said data distribution apparatus provides 
said second module further storing signature data 
for verifying the legitimacy of a producer and trans- 
mitter of at least one data among the content data, 
5 content key data, and usage control policy data to 

said data processing apparatus. 

29. A data providing system as set forth in claim 22, 
wherein 

10 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 

15 ta showing the log of at least one of the pur- 

chase form and usage form decided to said 
management apparatus and 
said management apparatus performs profit 
distribution processing for distributing the profit 

20 obtained along with the purchase and usage of 

the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

25 

30. A data providing system as set forth in claim 22, 
wherein 

said data processing apparatus sends distribu- 
30 tion use log data relating to the distribution of 

the data distribution apparatus to said data dis- 
tribution apparatus and 

said data distribution apparatus performs 
charge processing relating to that distribution 
35 based on the distribution use log data. 

31 . A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 

40 said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

45 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 

50 said data providing apparatus provides a first 

module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data distribution appa- 

55 rat us, 

said data distribution apparatus distributes a 
second module storing said provided content 
file and said key file to said data processing ap- 
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paratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 5 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

32. A data providing system as set forth in claim 31 , 10 
wherein 

said data providing apparatus produces said 
content key data and said usage control policy 
data and sends them to said management ap- is 
paratus and 

said management apparatus produces said 
key file based on said received content key data 
and usage control policy data and registers said 
received content key data and usage control 20 
policy data. 

33. A data providing system as set forth in claim 31 , 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 25 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 
utes said first module further storing the signature 
data to said data processing apparatus. 

30 

34. A data providing system as set forth in claim 31, 
wherein said data providing apparatus prepares 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of the content 
key file and the distributor of the key file and distrib- 35 
utes said second module further storing the signa- 
ture data to said data processing apparatus. 

35. A data providing system as set forth in claim 33, 
wherein 40 

said data providing apparatus prepares signa- 
ture data using its own secret key data and 
said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 45 
data corresponding to said secret key data. 

36. A data providing system as set forth in claim 33, 
wherein 

50 

said data providing apparatus distributes said 
module further storing public key certificate da- 
ta for certifying the legitimacy of the public key 
data to said data processing apparatus and 
said data processing apparatus verifies the sig- 55 
nature data using the public key data stored in 
the distributed public key certificate data. 



37. A data providing system as set forth in claim 36, 
wherein 

said management apparatus distributes public 
key certificate data for certifying the legitimacy 
of the public key data to said data processing 
apparatus and 

said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

38. A data providing system as set forth in claim 33, 
wherein 

said data distribution apparatus prepares said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of the signature data using public key 
data corresponding to said secret key data. 

39. A data providing system as set forth in claim 38, 
wherein 

said data distribution apparatus distributes said 
module further storing public key certificate da- 
ta for certifying the legitimacy of the public key 
data to said data processing apparatus and 
said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

40. A data providing system as set forth in claim 38, 
wherein 

said management apparatus distributes said 
public key certificate data for certifying the le- 
gitimacy of the public key data to said data 
processing apparatus and 
said data processing apparatus verifies the sig- 
nature data using the public key data stored in 
the distributed public key certificate data. 

41. A data providing system as set forth in claim 31, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
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viding apparatus and the data distribution ap- 
paratus based on the received log data. 

42. A data providing system as set forth in claim 31 , 
wherein said data distribution apparatus distributes 
said second module further storing price data show- 
ing the price of the content data to said data 
processing apparatus. 

43. A data providing system as set forth in claim 42, 
wherein said management apparatus registers the 
price data received from said data distribution de- 
vice. 

44. A data providing system as set forth in claim 31, 
wherein said data processing apparatus comprises 
a module giving resistance to outside monitoring 
and tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 

45. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file to said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

46. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 



apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
5 crypted usage control policy data indicating the 

handling of said content data, 
said data providing apparatus individually dis- 
tributes a content file storing the content data 
encrypted by using said content key data and 
*0 said key file received from said management 

apparatus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content file and key 
file to said data processing apparatus, and 
15 said data processing apparatus decrypts said 

content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
20 lated decrypted usage control policy data. 

47. A data providing system as set forth in claim 46, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 

25 ence. 

48. A data providi ng system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 

30 apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
35 crypted usage control policy data indicating/the 

handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus provides a con- 
*o tent file storing the content data encrypted by 

using said content key data to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
45 apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
50 in said distributed content file based on the re- 

lated decrypted usage control policy data. 

49. A data providing system as set forth in claim 48, 
wherein said content file and said key file include 

55 data for clearing indicating their mutual correspond- 
ence. 

50. A data providing system for providing content data 
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from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 5 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 10 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing the content data encrypted by 
using said content key data and said key file 15 
received from said management apparatus to 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said provided content 
data and said key file to said data processing 20 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 25 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

51 . A data providing system for providing content data 30 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 35 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 40 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 45 
from said management apparatus to said data 
distribution apparatus, 

said data distribution apparatus individually 
distributes said distributed content data and 
said key file to said data distribution apparatus, so 
and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 55 
tent data based on the related decrypted usage 
control policy data. 



52. A data providing system for distributing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data processing apparatus provides the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

53. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data providing apparatus, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content data, said 
encrypted content key data, and said encrypted 
usage control policy data to said data distribu- 
tion apparatus, and 

said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

54. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
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said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data processing apparatus, 
said data providing apparatus provides the con- 
tent data encrypted by using said content key 
data to said data distribution apparatus, 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
distribute said content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

55. A data providing apparatus, a data distribution ap- 
paratus, a management apparatus, and a data 
processing apparatus, wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

56. A data providing system as set forth in claim 55, 
wherein 



said data distribution apparatus produces a 
second module storing said content file and 
said key file stored in said first module and dis- 
tributes it to said data processing apparatus. 

5 

57. A data providing system as set forth in claim 55, 
wherein said management apparatus 

comprises at least one database among a da- 
*o tabase for storing and managing said content 

file, a database for storing and managing said 
key file, and a database for storing and manag- 
ing said usage control policy data and 
centrally manages at least one among said 
15 content file, said key file, and said usage control 

policy data by using a content identifier unique- 
ly allocated to said content data. 

58. A data providing system comprising a data provid- 
20 jng apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides master 
25 source data of content to said management ap- 

paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
30 tus, encrypts said provided master source data 

by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
35 age control policy data indicating the handling 

of said content data, provides said content file 
to said data distribution apparatus, and pro- 
vides said key file to said data processing ap- 
paratus, 

4 o said data distribution apparatus distributes said 

provided content file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
45 data stored in said distributed key file and de- 

termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

so 59. a data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 
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30 



35 



40 



said management apparatus prepares a first 55 
module storing said content file and said key 
file and provides said first module to said data 
distribution apparatus and 



said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 
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said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 5 
policy data indicating the handling of said con- 
tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, w 
said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy *5 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

20 

A data providing system as set forth in claim 59, 
wherein 

said management apparatus prepares a first 
module storing said content file and said key 25 
file and provides said first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second module storing said content file and 
said key file stored in said first module and dis- 30 
tributes it to said data processing apparatus. 

A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 35 
ratus, wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 40 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 45 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- so 
pared key file to said data processing appara- 
tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus, and 55 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 



mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data, 

62. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

63. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus : 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
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fated decrypted usage control policy data. 

64. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data s 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 10 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares the key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 15 
the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 20 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 25 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

30 

65. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 35 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 40 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 45 
and the encrypted usage control policy data in- 
dicating the handling of said content data for 
the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to corresponding data so 
providing apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and .55 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 



termines the handling of the content data stored 
in sard distributed content files based on the re- 
lated decrypted usage control policy data. 

66. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and the encrypted usage control policy data in- 
dicating the handling of said content data for 
the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to said data distribution 
apparatus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatus to said data processing ap- 
paratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data..- 

67. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and the encrypted usage control policy data in- 
dicating the handling of said content data for 
the content data provided by corresponding da- 
ta providing apparatuses, and provide the re- 
lated prepared key files to said data processing 
apparatus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus, and 
said data processing apparatus decrypts said 
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content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 5 

68. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 10 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content is 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 20 
key data, prepare the content files storing the 
related encrypted content data, prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 25 
content data provided by corresponding data 
providing apparatuses, and send said prepared 
content files and said prepared key files to cor- 
responding data providing apparatuses, 
said data distribution apparatus distributes said 30 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 35 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

40 

69. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 45 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses, and store content 
files received from the related management ap- so 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare the content files storing the 55 
related encrypted content data, send the relat- 
ed prepared content files to said data providing 
apparatuses, prepare key files storing said en- 



crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send said prepared key files to correspond- 
ing data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

70. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare the content files storing the 
related encrypted content data, send the relat- 
ed prepared content files to said data providing 
apparatuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send said prepared key files to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

71 . A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
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tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides said 
content data encrypted by using said content 
key data : and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said key file and determines the 
handling of said content data based on the re- 
lated decrypted usage control policy data. 

72. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

distributing a module storing a content file stor- 
ing the content data encrypted by using said 
content key data and said key file distributed 
from said management apparatus from said da- 
ta providing apparatus to said data processing 
apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

73. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing a content file containing the 
content data encrypted by using said content 
key data and the key file received from said 
management apparatus to said data process- 



ing apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
5 and determining the handling of said content 

data based on the related decrypted usage 
control policy data. 

74. A data providing method for distributing content da- 
10 ta from a data providing apparatus to a data 

processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

15 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
20 distributing the related key file from said man- 

agement apparatus to said data providing ap- 
paratus, 

individually distributing a content file storing the 
content data encrypted by using said content 
25 key data and said key file received from said 

management apparatus from said data provid- 
ing apparatus to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
30 said content key data and said usage control 

policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

35 

75. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 

^o tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
45 encrypted usage control policy data indicating 

the handling of said content data, 
distributing the related key file from said man- 
agement apparatus to said data processing ap- 
paratus, 

so distributing a content file storing the content da- 

ta encrypted by using said content key data 
from said data providing apparatus to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
55 said content key data and said usage control 

policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
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the related decrypted usage control policy data. 

76. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 5 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 10 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing the content data encrypted by is 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 20 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

25 

77. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 30 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 35 
the handling of said content data, 
in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 40 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 45 
content data based on the related decrypted 
usage control policy data. 

78. A data providing method for distributing content da- 
ta from a data providing apparatus to a data so 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

55 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 



the handling of said content data, 
distributing the related prepared key file to said 
data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

79. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data, 

in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of the content data stored in said dis- 
tributed content file based on the related de- 
crypted usage control policy data. 

80. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data and distributing the same to 
said data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing appara- 
tus, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
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on the related decrypted usage control policy 
data. 

81 . A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a data 
processing apparatus, and a management appara- 
tus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
providing said content data encrypted by using 
said content key data from said data providing 
apparatus to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said key file and determin- 
ing the handling of said distributed content data 
based on the related decrypted usage control 
policy data. 

82. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, 

providing a first module storing a content file 
storing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus from said da- 
ta providing apparatus to said data distribution 
apparatus, and 

distributing a second module storing said pro- 
vided content file and said key file from said da- 
ta distribution apparatus to said data process- 
ing apparatus, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 
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83. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, distributing 
a second module storing said provided content 
file to said data processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

84. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 



40 



in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

individually distributing a content file storing the 
content data encrypted by using said content 
key data and said key file received from said 
management apparatus from said data provid- 
ing apparatus to said data distribution appara- 
tus, 

individually distributing said distributed content 
file and said key file from said data distribution 
55 apparatus to said data distribution apparatus, 

and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
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policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

5 

85. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 10 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 15 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, 

providing a content file storing the content data 20 
encrypted by using said content key data from 
said data providing apparatus to said data dis- 
tribution apparatus, and 

distributing said provided content file from said 
data distribution apparatus to said data 25 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key fileand 
determining the handling of the content data 30 
stored in said distributed content file based on 
the related decrypted usage control policy data, 

86. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 35 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 40 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 45 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing the content data encrypted 
by using said content key data and said key file 
received from said management apparatus to 50 
said data distribution apparatus, 
in said data distribution apparatus, distributing 
a second module storing said provided content 
data and said key file to said data processing 
apparatus, and 55 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 



module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

87. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

in said data distribution apparatus, individually 
distributing said distributed content data and 
said key file to said data distribution apparatus, 
and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

88. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, 

in said data providing apparatus, providing the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
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usage control policy data. 

89. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, providing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data providing appa- 
ratus, 

in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data which are received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, individually 
distributing said distributed content data, said 
encrypted content key data, and said encrypted 
usage control policy data to said data distribu- 
tion apparatus, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

90. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, distributing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data processing ap- 
paratus, 

in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data distribution appara- 
tus, 

in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 



age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

5 

91 . A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

10 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 

15 ta providing apparatus, said data distribution 

apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 

20 content data, prepares a key file storing said 

encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 

25 paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 
said data processing apparatus decrypts said 

30 content key data and said usage control policy 

data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

35 

92. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

40 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
45 ta providing apparatus, said data distribution 

apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
50 content data, prepares a key file storing said 

encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file to said data distribution apparatus and pro- 
55 vides said key file to said data processing ap- 

paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
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apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 5 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

93. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 10 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 15 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 20 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus and said 25 
prepared key file to said data distribution appa- 
ratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus, and 30 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 35 
lated decrypted usage control policy data. 

94. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 40 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 45 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted so 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- 55 
pared key file to said data processing appara- 
tus, 

said data distribution apparatus distributes said 



provided content file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

95. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

96. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 
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said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

97. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key fiie to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

98. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare the key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 
viding apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 



database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
s data stored in said distributed key files and de- 

termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

10 99. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 



15 



25 



30 



35 



said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare the key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 



40 



100. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
45 wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 

50 tent data, and store the related prepared con- 

tent files in said database device, 
said management apparatuses prepare the key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 

55 eating the handling of said content data for the 

content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data processing ap- 
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pa rat us, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus, and 
said data processing apparatus decrypts said 5 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 10 

101 .A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 15 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 20 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 25 
key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data for the content da- 30 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to correspond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 35 
content files and key files obtained from said 
database device to said data processing appa- 
ratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 40 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

45 

102. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein so 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 55 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 



data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared contentfiles to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files to cor- 
responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and key files provided from said manage- 
ment apparatuses to said data processing ap- 
paratus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

103. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared contentfiles to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and provide the related prepared key files to 
said data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

104. A data providing system for distributing content da- 
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ta from a data providing apparatus to a data 
processing apparatus, wherein 

said data providing apparatus distributes a 
module storing the content data encrypted by 
using content key data, said encrypted content 
key data, and encrypted usage control policy 
data indicating the handling of said content da- 
ta to said data processing apparatus by using 
a predetermined communication protocol in a 
format not depending upon the related commu- 
nication protocol or by recording the same on 
a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

105. A data providing system as set forth in claim 104, 
wherein said data providing apparatus distributes 
said module further storing signature data for veri- 
fying a legitimacy of a producer and a transmitter of 
at least one data among said content data, said con- 
tent key data, and said usage control policy data to 
said data processing apparatus. 

106. A data providing system as set forth in claim 104, 
wherein 

said data providing apparatus distributes said 
module further storing at least one data between 
data for verifying if the related data is not tampered 
with and signature data for verifying if the related 
data was normally certified by a predetermined 
manager for at least one data among said content 
data, said content key data, and said usage control 
policy data to said data processing apparatus. 

107. A data providing system as set forth in claim 104, 
wherein 

said data processing apparatus determines a 
purchase form of said content data based on 
said usage control policy data : and 
where said content data is transferred to anoth- 
er data processing apparatus, the signature da- 
ta indicating the legitimacy of the purchaser of 
the related content data and the signature data 
indicating the legitimacy of the transmitter of 
the related content data are made different. 

108. A data providing system as set forth in claim 104, 
wherein said data providing apparatus produces 
signature data using secret key data of said data 
providing apparatus and a hash function. 

1 09. A data providing system for distributing content da- 



ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

5 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
10 said data providing apparatus distributes a 

module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said data processing appa- 
15 ratus by using a predetermined communication 

protocol in a format not depending upon the re- 
lated communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
20 content key data and said usage control policy 

data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

25 

110.A data providing system as set forth in claim 109, 
wherein said management apparatus produces sig- 
nature data for verifying the legitimacy of the pro- 
ducer of said key file and prepares said key file f ur- 
30 ther storing the related signature data. 

1117V data providing system as set forth in claim 109, 
wherein 

35 said data providing apparatus produces said 

content key data and said usage control policy 
data and transmits the same to said manage- 
ment apparatus, and 

said management apparatus prepares said key 
40 file based on said received content key data 

and usage control policy data and registers the 
related prepared key file. 

112. A data providing system as set forth in claim 110, 
45 wherein said data providing apparatus produces 

signature data for verifying at least one of the legit- 
imacy of a producer and transmitter of said content 
file and a distributor of said key file and distributes 
said module further storing said signature data to 
50 said data processing apparatus. 

113. A data providing system as set forth in claim 112, 
wherein said data processing apparatus verifies the 
signature data stored in said module to confirm at 

55 least one of the legitimacy of a producer and dis- 
tributor of said content file and a producer and dis- 
tributor of said key file. 
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114. A data providing system as set forth in claim 109, 
wherein said data providing apparatus further 
stores in said content file expansion use software 
for expanding the content data when the content da- 
ta is compressed. s 

115. A data providing system as set forth in claim 109, 
wherein said data providing apparatus further 
stores in said content file an electronic watermark 
information module including information used for 10 
detecting said electronic watermark information 
when electronic watermark information is buried in 
said content file. 

116. A data providing system as set forth in claim 109, 15 
wherein said data providing apparatus stores meta- 
data relating to the explanation of the content of the 
content data in said content file or distributes it sep- 
arately from the content file to said data processing 
apparatus. 20 

117. A data providing system as set forth in claim 109, 
wherein 

said management apparatus produces said 
key file storing said content file data and said usage 25 
control policy data encrypted using said distribution 
use key data. 



said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

122. A data providing system as set forth in claim 113, 
wherein 

said data providing apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

123. A data providing system as set forth in claim 122, 
wherein 

said data providing apparatus distributes said 
module further storing public key certificate da- 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

124. A data providing system as set forth in claim 122, 
wherein 



20 



118. A data providing system as set forth in claim 117, 
wherein said management apparatus and said data 
processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of corresponding 
periods. 

119. A data providing system as set forth in claim 109, 
wherein said management apparatus produces 
said key file further storing data describing the 
grammar of said usage policy control data. 

120. A data providing system as set forth in claim 109, 
wherein 



121 .A data providing system as set forth in claim 109, 
wherein 



said management apparatus distributes public 
key certificate data certifying the legitimacy of 
said public key data to said data processing ap- 
paratus and 

said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

125. A data providing system as set forth in claim 122, 
wherein said data providing apparatus performs 
mutual certification with said data processing appa- 
ratus, encrypts said module using session key data 
obtained by said mutual certification, and sends the 
encrypted module to said data processing appara- 
tus. 

126. A data providing system as set forth in claim 122, 
wherein said data providing apparatus produces a 
storage medium recording said module. 

127 . A data providing system as set forth in claim 122, 
wherein said data processing apparatus deter- 
mines at least one of a purchase form and a usage 
form of said content data based on said usage con- 
trol policy data. 



40 



said management apparatus distributes data 
showing information for reading the content file 45 
and the key file, that is, a file reader, to said data 
processing apparatus and 
said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 50 



said data providing apparatus distributes data 55 
showing information for reading the content file 
and the key file, that is, a file reader, to said data 
processing apparatus and 



128.A data providing system as set forth in claim 122, 
wherein said data processing apparatus outputs 
said encrypted content key data and said encrypted 
content data to a decryption device. 
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129. A data providing system as set forth in claim 129, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus based on the received log da- 
ta. 

130. A data providing system as set forth in claim 129, 
wherein said management apparatus performs said 
profit distribution processing in units of content da- 
ta. 

131 .A data providing system as set forth in claim 129, 
wherein 

said data providing apparatus distributes a 
module storing a plurality of said content files 
and a plurality of key files corresponding to the 
plurality of content files to said data processing 
apparatus and 

said content files include directory structure da- 
ta showing the relationship among the plurality 
of content files and the relationship with said 
key files. 

132. A data providing system as set forth in claim 109, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

133. A data providing system as set forth in claim 132, 
wherein said data providing apparatus manages 
said module based on a content identifier uniquely 
allocated to said content data. 

134. A data providing system as set forth in claim 133, 
wherein said management apparatus prepares said 
key file further storing said content identifier. 

135. A data providing system as set forth in claim 133, 
wherein said content identifier is determined 
uniquely in said content data stored by said data 
providing apparatus in said memory circuit. 

136. A data providing system as set forth in claim 133, 
wherein said content identifier is determined 
uniquely globally. 



137.A data providing system as set forth in claim 133, 
wherein said data providing apparatus produces 
said content identifier. 

5 138.A data providing system as set forth in claim 133, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

139. A data providing system as set forth in claim 133, 
10 wherein said data processing circuit comprises a 

module giving resistance to outside monitoring and 
tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 

75 

140. A data providing apparatus which is managed by a 
management apparatus and distributes content da- 
ta to a data processing apparatus, 

20 receiving a key file storing encrypted content 

key data and encrypted usage control policy 
data indicating the handling of said content da- 
ta from said management apparatus and 
distributing a module storing a content file stor- 
es ing the content data encrypted by using said 
content key data and said key file received from 
said management apparatus to said data 
processing apparatus. 

30 141 .A data processing apparatus managed by a man- 
agement apparatus and utilizing content data, 

receiving a module containing a key file storing 
encrypted content key data and encrypted us- 
35 age control policy data indicating the handling 

of said content data and a content file storing 
the content data encrypted by using said con- 
tent key data, 

determining at least one between a purchase 
40 form and an usage form of said content data 

based on said usage control policy data, and 
transmitting a log data indicating the log of the 
determined at least one of the related purchase 
form and usage form to said management ap- 
45 paratus. 

142 A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
50 viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
55 crypted usage control policy data indicating the 

handling of said content data, 
said data providing apparatus distributes a 
module storing a content file containing the 
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content data encrypted by using said content 
key data and the key file received from said 
management apparatus to said data process- 
ing apparatus by using a predetermined com- 
munication protocol in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

143. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes a content file storing the content data 
encrypted by using said content key data and 
said key file received from said management 
apparatus to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or by recording the 
same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

144. A data providing system as set forth in claim 143, 
wherein 

said data providing apparatus individually dis- 
tributes a plurality of said content files and a 
plurality of key files corresponding to said plu- 
rality of content files to said data processing ap- 
paratus, and 

said content files and said key files include hy- 
per link information showing the mutual corre- 
spondence. 

145. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 



said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes a con- 
tent file storing the content data encrypted by 
using said content key data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

146. A data providing system as set forth in claim 145, 
wherein 

said data providing apparatus distributes a plu- 
rality of said content files to said data process- 
ing apparatus, 

said management apparatus distributes the 
plurality of key files corresponding to the plural- 
ity of content files to said data processing ap- 
paratus, and 

said content files and said key files include hy- 
per link information showing the mutual corre- 
spondence. 

147. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus distributes a 
module storing the content data encrypted by 
using said content key data and said key file 
received from said management apparatus to 
said data processing apparatus by using a pre- 
determined communication protocol but in a 
format not depending upon the related commu- 
nication protocol or recording the same on a 
storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
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based on the related decrypted usage control 
policy data. 

148. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

149. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

150. A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 



viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

said management apparatus prepares encrypt- 
5 ed content key data and encrypted usage con- 

trol policy data indicating the handling of said 
content data, 

said data providing apparatus individually dis- 
tributes the content data encrypted by using 

10 said content key data and said encrypted con- 

tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus by 
using a predetermined communication protocol 

15 but in a format not depending upon the related 

communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 

20 control policy data and determines the handling 

of the content data stored in said distributed 
content file based on the related decrypted us- 
age control policy data. 

25 151 A data providing system for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, wherein 

30 

said management apparatus prepares encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data and distributes the same to said 

35 data processing apparatus, 

said data providing apparatus distributes, the 
content data encrypted by using said content 
key data to said data processing apparatus by 
using a predetermined communication protocol 

40 but in a format not depending upon the related 

communication protocol or recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 

45 control policy data and determines the handling 

of said distributed content data based on the 
related decrypted usage control policy data. 

152.A data providing system comprising a data provid- 
50 jng apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
55 content key data, said encrypted content key 

data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, 
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said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data ; and the usage control 
policy data stored in said provided first module 
to said data processing apparatus by using a 
predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 

153. A data providing system as set forth in claim 152, 
wherein said data distribution apparatus prepares 
a second module including said provided first mod- 
ule and distributes the prepared second module to 
said data processing apparatus. 

154. A data providing system as set forth in claim 152, 
wherein said data distribution apparatus distributes 
said second module furtherstoring price data show- 
ing the price of the content data to said data 
processing apparatus. 

155. A data providing system as set forth in claim 154, 
wherein said data distribution apparatus deter- 
mines the price data based on a wholesale price 
determined for said content data by said data pro- 
viding apparatus. 

156. A data providing system as set forth in claim 152, 
wherein said data providing apparatus provides a 
first module further storing signature data for veri- 
fying the legitimacy of a producer and transmitter of 
at least one data of the content data, content key 
data, and usage control policy data to said data dis- 
tribution apparatus. 

157. A data providing system as set forth in claim 156, 
wherein said data providing apparatus provides a 
first module further storing at least one data among 
data for verifying if the data has been tampered with 
for at least one data of the content data, content key 
data, and usage control policy data and signature 
data for verifying if the data has been certified as 
legitimate by a p redetermined manager to said data 
distribution device. 

158. A data providing system as set forth in claim 156, 
wherein said data distribution apparatus provides 
said second module furtherstoring signature data 
for verifying the legitimacy of a producer and trans- 
mitter of at least one data among the content data, 
content key data, and usage control policy data to 



said data processing apparatus. 

159. A data providing system as set forth in claim 152, 
wherein 

said data distribution apparatus provides said 
second module further storing at least one data 
among data for verifying if the data has been tam- 
pered with for at least one data of the content data, 
content key data, and usage control policy data and 
signature data for verifying if the data has been cer- 
tified as legitimate by a predetermined manager to 
said data processing apparatus. 

160. A data providing system as set forth in claim 152, 
wherein 

said said data processing apparatus deter- 
mines at least one of the purchase form and the 
usage form of the distributed content data 
based on the usage control policy data and 
sends log data showing the log of at least one 
of the purchase form and usage form decided 
to said management apparatus and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

161 .A data providing system as set forth in claim 152, 
wherein 

said data processing apparatus sends distribu- 
tion use log data relating to the distribution of 
the data distribution apparatus to said data dis- 
tribution apparatus and 

said data distribution apparatus performs 
charge processing relating to that distribution 
based on the distribution use log data. 

162.A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file storing the content 
data encrypted by using said content key data 
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and said key file received from said manage- 
ment apparatus to said data distribution appa- 
ratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file and said key file to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or record- 
ing the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

163. A data providing system as set forth in claim 162, 
wherein said management apparatus produces sig- 
nature data for verifying the legitimacy of the pro- 
ducer of said key file and prepares said key file fur- 
ther storing the related signature data. 

164. A data providing system as set forth in claim 162, 
wherein 

said data providing apparatus produces said 
content key data and said usage control policy 
data and transmits the same to said manage- 
ment apparatus, and 

said management apparatus prepares said key 
file based on said received content key data 
and usage control policy data and registers the 
received content key data and usage control 
policy data. 

165. A data providing system as set forth in claim 162, 
wherein said data providing apparatus produces 
signature data for verifying at least one of the legit- 
imacy of a producer and provider of said content file 
and a provider of said key file and distributes said 
module further storing said signature data to said 
data processing apparatus. 

166. A data providing system as set forth in claim 162, 
wherein said data distribution apparatus produces 
signature data for verifying at least one of the legit- 
imacy of a producer and distributor of said content 
file and a distributor of said key file and distributes 
said second module further storing said signature 
data to said data processing apparatus. 

167. A data providing system as set forth in claim 166, 
wherein said data processing apparatus verifies the 
signature data stored in said second module to con- 
firm at least one of the legitimacy of a producer and 
distributor of said content file and a producer and 



distributor of said key file. 

1687V data providing system as set forth in claim 162, 
wherein said data providing apparatus further 
5 stores in said content file expansion use software 

for expanding the content data when the content da- 
ta is compressed. 

1697V data providing system as set forth in claim 162, 
10 wherein said data providing apparatus stores meta- 
data relating to the explanation of the content of the 
content data in said content file or distributes it sep- 
arately from the content file to said data processing 
apparatus. 

15 

1707V data providing system as set forth in claim 162, 
wherein said data providing apparatus further 
stores in said content file an electronic watermark 
information module including information used for 
20 detecting said electronic watermark information 
when electronic watermark information is buried in 
said content file. 

1717V data providing system as set forth in claim 162, 
25 wherein said management apparatus 

produces said key file storing said content file 
data and said usage control policy data en- 
crypted using said distribution use key data and 
30 distributes said distribution use key data to said 

data processing apparatus. 

172.A data providing system as set forth in claim 171 , 
wherein said management apparatus and said data 
35 processing apparatus comprise a plurality of distri- 
bution use key data of defined periods of validity 
and use distribution use key data of corresponding 
periods. 

40 173.A data providing system as set forth in claim 162, 
wherein said management apparatus produces 
said key file further storing data describing the 
grammar of said usage policy control data. 

^5 174.A data providing system as set forth in claim 162, 
wherein 

said management apparatus distributes data 
showing information for reading the content file 
50 and the key file, that is, a file reader, to said data 

processing apparatus and 
said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

55 

175.A data providing system as set forth in claim 162, 
wherein 
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said data providing apparatus distributes data 
showing information for reading the content file 
and the key file, that is, a file reader, to said data 
processing apparatus and 
said data processing apparatus reads said con- 
tent file and said key file based on the file read- 
er. 

176. A data providing system as set forth in claim 165, 
wherein 

said data providing apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

177. A data providing system as set forth in claim 176, 
wherein 

said data providing apparatus distributes said 
module further storing public key certificate da- 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

178. A data providing system as set forth in claim 176, 
wherein 

said management apparatus distributes public 
key certificate data certifying the legitimacy of 
said public key data to said data processing ap- 
paratus and 

said data processing apparatus verifies said 
signature data using the public key data stored 
in said distributed public key certificate data. 

179. A data providing system as set forth in claim 176, 
wherein 

said data distribution apparatus produces said 
signature data using its own secret key data 
and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data corresponding to said secret key data. 

180. A data providing system as set forth in claim 179, 
wherein 

said data distribution apparatus distributes said 
module further storing public key certificate da- 
ta certifying the legitimacy of said public key da- 
ta to said data processing apparatus and 
said data processing apparatus verifies the le- 
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gitimacy of said signature data using public key 
data stored in said distributed public key certif- 
icate data. 

181 .A data providing system as set forth in claim 179, 
wherein 

said management apparatus distributes public 
key certificate data certifying the legitimacy of 
said public key data to said data processing ap- 
paratus and 

said data processing apparatus verifies the le- 
gitimacy of said signature data using public key 
data stored in said distributed public key certif- 
icate data. 

182. A data providing system as set forth in claim 162, 
wherein said data distribution apparatus performs 
mutual certification with said data processing appa- 
ratus, encrypts said module using session key data 
obtained by said mutual certification, and sends the 
encrypted second module to said data processing 
apparatus. 

183. A data providing system as set forth in claim 182, 
wherein said data distribution apparatus produces 
a storage medium recording said module. 

184. A data providing system as set forth in claim 162, 
wherein said data processing apparatus deter- 
mines at least one of a purchase form and a usage 
form of said content data based on said usage con- 
trol policy data. 

185. A data providing system as set forth in claim 162, 
wherein said data processing apparatus outputs 
said encrypted content key data and said encrypted 
content data to a decryption device. 

186. A data providing system as set forth in claim 162, 
wherein 

said data processing apparatus determines at 
least one of the purchase form and the usage 
form of the distributed content data based on 
the usage control policy data and sends log da- 
ta showing the log of at least one of the pur- 
chase form and usage form decided to said 
management apparatus, and 
said management apparatus performs profit 
distribution processing for distributing the profit 
obtained along with the purchase and usage of 
the content data in the data processing appa- 
ratus to the interested parties of the data pro- 
viding apparatus and data distribution appara- 
tus based on the received log data. 

187 . A data providing system as set forth in claim 186, 
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wherein said management apparatus performs said 
profit distribution processing in units of content da- 
ta. 

188. A data providing system as set forth in claim 162, 
wherein said data distribution apparatus distributes 
said second module storing price data showing a 
price of said content data to said data processing 
apparatus. 

189. A data providing system as set forth in claim 186, 
wherein said management apparatus registers said 
price data received from said data distribution ap- 
paratus. 

190. A data providing system as set forth in claim 162, 
wherein said data processing apparatus comprises 
a module giving resistance to outside monitoring 
and tampering of the processing content, predeter- 
mined data stored in an internal memory, and data 
being processed. 

191 .A data providing system as set forth in claim 162, 
wherein 

when said first module and said second module 
store a plurality of content files and a plurality 
of key files corresponding to the plurality of con- 
tent files, 

said first module and said second module fur- 
ther include data showing the correspondence 
of the plurality of content files and the corre- 
sponding key files. 

192. A data providing system as set forth in claim 162, 
wherein 

said data providing apparatus distributes a 
module storing a plurality of said content files 
and a plurality of key files corresponding to the 
plurality of content files to said data processing 
apparatus and 

said content files include directory structure da- 
ta showing the relationship among the plurality 
of content files and the relationship with said 
key files. 

193. A data providing system as set forth in claim 162, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

194. A data providing system as set forth in claim 193, 
wherein said data providing apparatus manages 
said module based on a content identifier uniquely 
allocated to said content data. 

195. A data providing system as set forth in claim 194, 
wherein said management apparatus prepares said 



key file further storing said content identifier. 

196 A data providing system as set forth in claim 194, 
wherein said content identifier is determined 
5 uniquely in said content data stored by said data 

providing apparatus in said memory circuit. 

197. A data providing system as set forth in claim 194, 
wherein said content identifier is determined 

10 uniquely globally. 

198. A data providing system as set forth in claim 194, 
wherein said data providing apparatus produces 
said content identifier. 

15 

199. A data providing system as set forth in claim 194, 
wherein said data providing apparatus further com- 
prises a memory circuit for storing said module. 

200 . A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said provided content 
file to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

201 A data providing system for providing content data 
from a data providing apparatus to a first data dis- 
tribution apparatus and a second data distribution 
apparatus, distributing the content data from said 
first data distribution apparatus and said second da- 
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ta distribution apparatus to a data processing appa- 
ratus, and managing said data providing apparatus, 
said first data distribution apparatus, said second 
data distribution apparatus, and said data process- 
ing apparatus by a management apparatus, where- 
in 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing a content file storing the content 
data encrypted by using said content key data 
and said key file received from said manage- 
ment apparatus to said first data distribution ap- 
paratus and said second data distribution ap- 
paratus, 

said first data distribution apparatus distributes 
a second module storing said provided content 
file and said key file to said data processing ap- 
paratus, 

said second data distribution apparatus distrib- 
utes a third module storing said provided con- 
tent file and said key file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and said third module and determines the han- 
dling of said content data based on the related 
decrypted usage control policy data. 

202. A data providing system as set forth in claim 201 , 
wherein 

said first data distribution apparatus distributes 
said second module storing first price data 
showing a price of said content data to said data 
processing apparatus and 
said second data distribution apparatus distrib- 
utes said third module storing second price da- 
ta showing a price of content data to said data 
processing apparatus. 

203. A data providing system for providing first content 
data from a first data providing apparatus to a data 
distribution apparatus, providing second content 
data from a second data providing apparatus to the 
data distribution apparatus, distributing the content 
data from said data distribution apparatus to a data 
processing apparatus, and managing said first data 
providing apparatus, said second data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a first 



key file storing an encrypted first content key 
data and an encrypted first usage control policy 
data indicating the handling of said first content 
data and a second key file storing an encrypted 
second content key data and an encrypted sec- 
ond usage control policy data indicating the 
handling of said second content data, 
said first data providing apparatus provides a 
first module storing a first content file storing 
said first content data, encrypted by using said 
first content key data and said first key file re- 
ceived from said management apparatus to 
said data distribution apparatus, 
said second data providing apparatus provides 
a second module storing a second content file 
storing said second content data encrypted by 
using said second content key data and said 
second key file received from said manage- 
ment apparatus to said data distribution appa- 
ratus, 

said data distribution apparatus distributes a 
third module storing said provided first content 
file, said first key file, said second content file, 
and said second key file to said data processing 
apparatus, and 

said data processing apparatus decrypts said 
first content key data, said second content key 
data, said first usage control policy data, and 
said second usage control policy data stored in 
said distributed third module, determines the 
handling of said first content data based on the 
related decrypted first usage control policy da- 
ta, and determines the handling of said second 
content data based on the related decrypted 
seconc usage control policy data. 

204. A data providing system as set forth in claim 203, 
wherein said data distribution apparatus distributes 
said third module further storing first price data 
showing a price of said first content data and sec- 
ond price data showing a price of said second con- 
tent data to said data processing apparatus. 

205. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes a content file storing the content data 
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encrypted by using said content key data and 
said key file received from said management 
apparatus to said data distribution apparatus, 
said data distribution apparatus individually 
distributes said distributed content file and said 
key file to said data processing apparatus by 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or by recording the 
same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

206. A data providing system as set forth in claim 205, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 
ence. 

207. A data providing system for providing content data 
from a data providing apparatus to a data process- 
ing apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes a con- 
tent file storing the content data encrypted by 
using said content key data to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

208. A data providing system as set forth in claim 207, 
wherein said content file and said key file include 
data for clearing indicating their mutual correspond- 
ence. 

209. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 



tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
5 said data processing apparatus by a management 

apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus provides a first 
module storing the content data encrypted by 
using said content key data and said key file 
received from said management apparatus to 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said provided content 
data and said key file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta stored in said distributed second module 
based on the related decrypted usage control 
policy data. 

210.A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

said data distribution apparatus individually 
distributes said distributed content data and 
said key file to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said . 
content key data and said usage control policy 
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data stored in said distributed key file and de- 
termines the handling of said distributed con- 
tent data based on the related decrypted usage 
control policy data. 

5 

211 .A data providing system for providing content data 
from a data providing apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, wherein w 

said management apparatus prepares a key 
file storing encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data and distributes is 
the related prepared key file to said data 
processing apparatus, 

said data providing apparatus distributes the 
content data encrypted by using said content 
key data to said data distribution apparatus, 20 
said data distribution apparatus distributes said 
provided content data to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 25 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said distributed con- 30 
tent data based on the related decrypted usage 
control policy data. 

212.A data providing system for providing content data 
from a data providing apparatus to a data distribu- 35 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 40 
apparatus, wherein 



related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

213. A data providing system for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, wherein 

said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 
content data to said data processing apparatus, 
said data providing apparatus provides thecon- 
tent data encrypted by using said content key 
data to said data distribution apparatus, 
said data distribution apparatus distributes said 
distributed provided content data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
distributed content key data and said usage 
control policy data and determines the handling 
of said distributed content data based on the 
related decrypted usage control policy data. 

214. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 



said management apparatus provides encrypt- 
ed content key data and encrypted usage con- 
trol policy data indicating the handling of said 45 
content data to said data providing apparatus, 
said data providing apparatus individually dis- 
tributes the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 50 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
said data distribution apparatus distributes said 
distributed content data, said encrypted con- 
tent key data, and said encrypted usage control 55 
policy data to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 



said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
file and said key file to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 



132 

BNSDCCID: <EP_ 1 132828A1_I_> 



263 



EP 1 132 828 A1 



264 



provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

21 5. A data providing system as set forth in claim 214, 
wherein 

said management apparatus produces a first 
module storing said content file and said key 
file and provides the first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second file storing said content file and said key 
file stored in said first module and distributes 
the second module to said data providing ap- 
paratus. 

21 6. A data providing system as set forth in claim 214, 
wherein said management apparatus 

comprises at least one database among a da- 
tabase for storing and managing said content 
file, a database for storing and managing said 
key file, and a database for storing and manag- 
ing said usage control policy data and 
centrally manages at least one among said 
content file, said key file, and said usage control 
policy data by using a content identifier unique- 
ly allocated to said content data. 

217. A data providing system as set forth in claim 214, 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 

218. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 



content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
5 file to said data distribution apparatus and pro- 

vides said key file to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
10 apparatus by using a predetermined communi- 

cation protocol but in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
1 5 content key data and said usage control policy 

data stored in said provided key file and deter- 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

20 

219.A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 

25 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

30 said management apparatus manages said da- 

ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
35 policy data indicating the handling of said con- 

tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, 

40 said data distribution apparatus distributes said 

provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
4 5 protocol or by recording the same on a storage 

medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
50 termines the handling of the content data stored 

in said distributed content file based on the re- 
lated decrypted usage control policy data. 

220 A data providing system as set forth in claim 219, 
55 wherein 

said management apparatus produces a first 
module storing said content file and said key 
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file and provides the first module to said data 
distribution apparatus and 
said data distribution apparatus produces a 
second file storing said content file and said key 
file stored in said first module and distributes 5 
the second module to said data providing ap- 
paratus. 

221 .A data providing system as set forth in claim 219, 
wherein said management apparatus 10 

comprises at least one database among a da- 
tabase for storing and managing said content 
file, a database for storing and managing said 
key file, and a database for storing and manag- *5 
ing said usage control policy data and 
centrally manages at least one among said 
contentfile, said key file, and said usagecontrol 
policy data by using a content identifier unique- 
ly allocated to said content data. 20 

222. A data providing system as set forth in claim 219, 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 25 

223. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, and a data processing appa- 
ratus, wherein 30 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 35 
said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 40 
policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus, and provides said pre- 
pared key file to said data processing appara- 45 
tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending so 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 55 
mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 



224.A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus., a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 
ment apparatus in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 
tus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

225 JK data providing system as set forth in claim 224, 
wherein said database device centrally manages 
said stored content file and key file using a content 
identifier uniquely allocated to said content data. 

226. A data providing system as set forth in claim 224, 
wherein said management apparatus 

comprises at least one database among a da- 
tabase for storing and managing said key file 
and a database for storing and managing said 
usage control policy data and 
centrally manages at least one among said key 
file and said usage control policy data by using 
a content identifier uniquely allocated to said 
content data. 

227. A data providing system as set forth in claim 224, 
wherein said data providing apparatus provides 
said content key data and said usage control policy 
data to said management apparatus. 

228. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 
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said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data pro- 
viding apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

229. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, a man- 
agement apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
to said data processing apparatus by using a 
predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

230. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 



paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

5 said data providing apparatuses encrypt con- 

tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from corre- 
*o sponding management apparatuses in said da- 

tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
*s eating the handling of said content data for the 

content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 
viding apparatuses, 
20 said data distribution apparatus distributes said 

content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
25 related communication protocol or recording 

the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
30 termines the handling of said content data 

stored in said distributed content files based on 
the related decrypted usage control policy data. 

231 A data providing system as set forth in claim 230, 
35 wherein said database device centrally manages 
said stored content files and key files using content 
identifiers uniquely allocated to said content data. 

232 A data providing system as set forth in claim 230, 
40 wherein said management apparatuses 

comprise at least one database among a data- 
base for storing and managing said key files 
and a database for storing and managing said 
45 usage control policy data and 

centrally manage at least one among said key 
files and said usage control policy data by using 
content identifiers uniquely allocated to said 
content data provided by said data providing 
50 apparatuses in said corresponding data provid- 

ing apparatuses. 

233. A data providing system as set forth in claim 230, 
wherein said data providing apparatuses provide 

55 said content key data and said usage control policy 
data to said management apparatuses. 

234 . A data providing system comprising a plurality of 
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data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

5 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 10 
said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data *5 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 20 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 25 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 30 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

235.A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 35 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 40 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 45 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related so 
prepared key files to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 55 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 



a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

236.A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data for the content da- 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to correspond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

237. A data providing system as set forth in claim 236, 
wherein said database device centrally manages 
said stored content files and key files using content 
identifiers uniquely allocated to said content data. 

238. A data providing system as set forth in claim 236, 
wherein said management apparatuses 

comprise at least one database among a data- 
base for storing and managing said key files 
and a database for storing and managing said 
usage control policy data and 
centrally manage at least one among said key 
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files and said usage control policy data by using 
content identifiers uniquely allocated to said 
content data provided by said data providing 
apparatuses in said corresponding data provid- 
ing apparatuses. 

239. A data providing system as set forth in claim 236, 
wherein said data providing apparatuses provide 
said content key data and said usage control policy 
data to said management apparatuses. 

240. A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files provid- 
ed from said management apparatuses to cor- 
responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and key files provided from said manage- 
ment apparatuses to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or by re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

241 .A data providing system comprising a plurality of 
data providing apparatuses, a data distribution ap- 
paratus, a plurality of management apparatuses, a 
database device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 



ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files to said 
data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said provided content files based on 
the related decrypted usage control policy data. 

242.A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, performs 
charge processing in units of the content data 
based on log data received from said data 
processing apparatus, and performs a profit 
distribution processing for distributing the profit 
paid by interested parties of said data process- 
ing apparatus to interested parties of the relat- 
ed data providing apparatus and interested par- 
ties of said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and usage control policy 
data stored in said provided first module to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 
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said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module, deter- 
mines the handling of said content data based 
on the related decrypted usage control policy 5 
data, prepares the log data for the handling of 
the related content data, and sends the related 
log data to said data providing apparatus. 

243. A data providing system as set forth in claim 242, w 
wherein 

said data processing apparatus sends data dis- 
tribution use apparatus use log data relating to 
the distribution service of the content data per- 15 
formed by the data distribution apparatus to 
said data distribution apparatus and 
said data distribution apparatus performs 
charge processing based on that data distribu- 
tion apparatus use log data. 20 

244. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
management apparatus, wherein 

25 

said data providing apparatus provides content 
data, 

said data distribution apparatus distributes said 
content file provided from said data providing 
apparatus or a content file in accordance with 30 
the content data provided by said data provid- 
ing apparatus provided from said management 
apparatus to said data processing apparatus, 
and 

said data processing apparatus decrypts the 35 
usage control policy data stored in a key file re- 
ceived from said data distribution apparatus or 
said management apparatus, determines the 
handling of said content data stored in the con- 
tent file received from said data distribution ap- 40 
paratus or said management apparatus based 
on the related decrypted usage control policy 
data, and further distributes said content file 
and key file received from said data distribution 
apparatus or said management apparatus to 45 
the other data processing apparatus. 

245. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus, comprising the steps of so 

distributing a module storing the content data 
encrypted by using content key data, said en- 
crypted content key data, and encrypted usage 
control policy data indicating the handling of 55 
said content data from said data providing ap- 
paratus to said data processing apparatus by 
using a predetermined communication protocol 



but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

246. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, and 

distributing a module storing a content file stor- 
ing the content data encrypted by using said 
content key data and said key file distributed 
from said management apparatus from said da- 
ta providing apparatus to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

247. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, distributing a 
module storing a content file containing the 
content data encrypted by using said content 
key data and a key fife received from said man- 
agement apparatus to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
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the related communication protocol or record- 
ing the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
data based on the related decrypted usage 
control policy data. 

248. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, and 

individually distributing a content file storing the 
content data encrypted by using said content 
key data and said key file distributed from said 
management apparatus from said data provid- 
ing apparatus to said data processing appara- 
tus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

249. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, and 
distributing a content file storing the content da- 
ta encrypted by using said content key data 
from said data providing apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 



not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
5 said content key data and said usage control 

policy data stored in said distributed key file and 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

10 

250 A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
*5 tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
20 encrypted usage control policy data indicating 

the handling of said content data, 
in said data providing apparatus : distributing a 
module storing the content data encrypted by 
using said content key data and said key file 
25 received from said management apparatus to 

said data processing apparatus by using a pre- 
determined communication protocol but in a 
format not depending upon the related commu- 
nication protocol or recording the same on a 
30 storage medium, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed module 
and determining the handling of said content 
35 data based on the related decrypted usage 

control policy data. 

251 A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
40 processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

45 jn said management apparatus, preparing a 

key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
so distributing the content data encrypted by using 

said content key data and said key file received 
from said management apparatus to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
55 not depending upon the related communication 

protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
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said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. s 

252. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 10 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and *5 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, in said data providing 
apparatus, 20 
distributing the content data encrypted by using 
said content key data to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 25 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 30 
content data based on the related decrypted 
usage control policy data. 

253. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 35 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

40 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data, 

in said data providing apparatus, individually 45 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data processing apparatus by so 
using a predetermined communication protocol 
but in a format not depending upon the related 
communication protocol or recording the same 
on a storage medium, and 

in said data processing apparatus, decrypting 55 
said distributed content key data and said us- 
age control policy data and determining the 
handling of the content data stored in said dis- 



tributed content file based on the related de- 
crypted usage control policy data. 

254. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data and distributing the same to 
said data processing apparatus, 
in said data providing apparatus, distributing 
the content data encrypted by using said con- 
tent key data to said data processing apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

255. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, and a data 
processing apparatus, comprising the steps of 

providing a first module storing content data en- 
crypted by using content key data, encrypted 
said content key data, and encrypted usage 
control policy data indicating the handling of 
said content data from said data providing ap- 
paratus to said data distribution apparatus, 
distributing a second module storing said en- 
crypted content data, content key data, and the 
usage control policy data stored in said provid- 
ed said first module from said data distribution 
apparatus to said data processing apparatus by 
using said content key data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data based on the related decrypted 
usage control policy data. 

256. A data providing method for providing content data 
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from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
distributing the related prepared key file from 
said management apparatus to said data pro- 
viding apparatus, 

providing a first module storing a content file 
storing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus from said da- 
ta providing apparatus to said data distribution 
apparatus, and 

distributing a second module storing said pro- 
vided content file and said key file from said da- 
ta distribution apparatus to said data process- 
ing apparatus by using a predetermined com- 
munication protocol but in a format not depend- 
ing upon the related communication protocol or 
recording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

257.A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 
first module storing a content file containing the 
content data encrypted by using said content 
key data and a key file received from said man- 
agement apparatus to said data distribution ap- 
paratus, 

in said data distribution apparatus, distributing 
a second module storing said provided content 
file to said data processing apparatus by using 



a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or recording the same on 
a storage medium, and 
5 in said data processing apparatus, decrypting 

said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said 
content data stored in said distributed second 
10 module based on the related decrypted usage 

control policy data. 

258 A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
15 tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said, data distribution apparatus, and 
said data processing apparatus by a management 
20 apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
25 the handling of said content data, 

distributing said prepared key file from said 
management apparatus to said data providing 
apparatus, 

individually providing a content file storing the 
30 content data encrypted by using said content 

key data and said key file received from said 
management apparatus from said data provid- 
ing apparatus to said data distribution appara- 
tus by using a predetermined communication 
35 protocol but in a format not depending upon the 

related communication protocol or recording 
the same on a storage medium, and 
individually distributing said distributed content 
file and said key file from said data distribution 
40 apparatus to said data distribution apparatus, 

and 

in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
45 determining the handling of the content data 

stored in said distributed content file based on 
the related decrypted usage control policy data. 

259 .A data providing method for providing content data 
50 from a data providing apparatus to a data distribu- 
tion apparatus and managing said data providing 
apparatus and said data processing apparatus by 
a management apparatus, comprising the steps of, 

55 in said management apparatus, preparing a 

key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
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distributing the related prepared key file from 
said management apparatus to said data 
processing apparatus, 

providing a content file storing the content data 
encrypted by using said content key data from s 
said data providing apparatus to said data dis- 
tribution apparatus, 

distributing said provided content file from said 
data distribution apparatus to said data 
processing apparatus by using a predeter- 10 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting is 
said content key data and said usage control 
policy data stored in said distributed keyfileand 
determining the handling of the content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 20 

260.A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 25 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

30 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, providing a 35 
first module storing the content data encrypted 
by using said content key data and said key file 
received from said management apparatus to 
said data distribution apparatus, 
in said data distribution apparatus, distributing 40 
a second module storing said provided content 
data and said key file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or re- 45 
cording the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed second 
module and determining the handling of said so 
content data stored in said distributed second 
module based on the related decrypted usage 
control policy data. 

261 .A data providing method for providing content data 55 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 



ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data, 
in said data providing apparatus, individually 
providing the content data encrypted by using 
said content key data and said key file received 
from said management apparatus to said data 
distribution apparatus, 

in said data distribution apparatus, individually 
distributing said distributed content data and 
said key file to said data distribution apparatus 
by using a predetermined communication pro- 
tocol but in a format not depending upon the 
related communication protocol or recording 
the same on a storage medium, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

262. A data providing method for distributing content da- 
ta from a data providing apparatus to a data 
processing apparatus and managing said data pro- 
viding apparatus and said data processing appara- 
tus by a management apparatus, comprising the 
steps of, 

in said management apparatus, preparing a 
key file storing encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and distribut- 
ing the related prepared key file to said data 
processing apparatus, in said data providing 
apparatus, 

providing the content data encrypted by using 
said content key data to said data distribution 
apparatus, 

in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus, and 
in said data processing apparatus, decrypting 
said content key data and said usage control 
policy data stored in said distributed key file and 
determining the handling of said distributed 
content data based on the related decrypted 
usage control policy data. 

263. A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
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said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 5 



said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 



in said management apparatus, providing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data providing appa- 
ratus, 

in said data providing apparatus, individually 
distributing the content data encrypted by using 
said content key data and said encrypted con- 
tent key data and said encrypted usage control 
policy data received from said management ap- 
paratus to said data distribution apparatus, 
in said data distribution apparatus, individually 
distributing said distributed content data, said 
encrypted content key, data, and said encrypt- 
ed usage control policy data to said data distri- 
bution apparatus by using a predetermined 
communication protocol but in a format not de- 
pending upon the related communication pro- 
tocol or recording the same on a storage medi- 
um, and 

in said data processing apparatus, decrypting 
said distributed content key data and said us- 
age control policy data and determining the 
handling of said distributed content data based 
on the related decrypted usage control policy 
data. 

264.A data providing method for providing content data 
from a data providing apparatus to a data distribu- 
tion apparatus, distributing the content data from 
said data distribution apparatus to a data process- 
ing apparatus, and managing said data providing 
apparatus, said data distribution apparatus, and 
said data processing apparatus by a management 
apparatus, comprising the steps of, 

in said management apparatus, distributing en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data to said data processing ap- 
paratus, 

in said data providing apparatus, providing the 
content data encrypted by using said content 
key data to said data distribution apparatus, 
in said data distribution apparatus, distributing 
said provided content data to said data 
processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol by recording the same on a storage 
medium, and 

in said data processing apparatus, decrypting 



265. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 

10 wherein 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

15 said management apparatus manages said da- 

ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
20 data, prepares a content file storing the related 

content data, prepares a key file storing said 
encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
25 fj|e and said key file to said data distribution ap- 

paratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus by using a predeter- 
30 mined communication protocol but in a format 

not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
35 content key data and said usage control policy 

data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

40 

266. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

45 

said data providing apparatus provides master 
source data of content to said management ap- 
paratus, 

said management apparatus manages said da- 
50 ta providing apparatus, said data distribution 

apparatus, and said data processing appara- 
tus, encrypts said provided master source data 
by using content key data to prepare content 
data, prepares a content file storing the related 
55 content data, prepares a key file storing said 

encrypted content key data and encrypted us- 
age control policy data indicating the handling 
of said content data, and provides said content 
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file to said data distribution apparatus and pro- 
vides said key file to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

267. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 

said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file storing said encrypted 
content key data and encrypted usage control 
policy data indicating the handling of said con- 
tent data, and provides said content file provid- 
ed from said data providing apparatus and said 
prepared key file to said data distribution appa- 
ratus, 

said data distribution apparatus distributes said 
provided content file and said key file to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of thecontent data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

268. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, and a data processing apparatus, 
wherein 

said data providing apparatus provides a con- 
tent file storing encrypted content data using 
content key data to said management appara- 
tus, 



said management apparatus manages said da- 
ta providing apparatus, said data distribution 
apparatus, and said data processing appara- 
tus, prepares a key file, storing said encrypted 

5 content key data and encrypted usage control 

policy data indicating the handling of said con- 
tent data, provides said content file provided 
from said data providing apparatus to said data 
distribution apparatus and provides said pre- 

10 pared key file to said data processing appara- 

tus, 

said data distribution apparatus distributes said 
provided content file to said data processing 
apparatus by using a predetermined communi- 

15 cation protocol but in a format not depending 

upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 

20 data stored in said provided key file and deter- 

mines the handling of the content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 

25 269.A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

30 said data providing apparatus encrypts content 

data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file and a key file provided from said manage- 

55 ment apparatus in said database device, 

said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 

40 the related prepared key file to said data pro- 

viding apparatus, 

said data distribution apparatus distributes said 
content file and key file obtained from said da- 
tabase device to said data processing appara- 

45 tus by using a predetermined communication 

protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 

50 content key data and said usage control policy 

data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

55 

270.A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
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processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said data distri- 
bution apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
and the key file provided from said data distri- 
bution apparatus to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key file and de- 
termines the handling of said content data 
stored in said distributed content file based on 
the related decrypted usage control policy data. 

271 .A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a manage- 
ment apparatus, a database device, and a data 
processing apparatus, wherein 

said data providing apparatus encrypts content 
data by using content key data, prepares a con- 
tent file storing the related encrypted content 
data, and stores the related prepared content 
file in said database device, 
said management apparatus prepares a key 
file storing said encrypted content key data and 
encrypted usage control policy data indicating 
the handling of said content data and provides 
the related prepared key file to said, data 
processing apparatus, 

said data distribution apparatus distributes said 
content file obtained from said database device 
to said data processing apparatus by using a 
predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key file and deter- 
mines the handling of said content data stored 
in said distributed content file based on the re- 
lated decrypted usage control policy data. 



272. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 

5 wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files and key files provided from corre- 
sponding management apparatuses in said da- 
tabase device, 

said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to corresponding data pro- 
viding apparatuses, 

said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

273. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data distribution ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
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apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

274. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses encrypt con- 
tent data by using content key data, prepare 
content files storing the related encrypted con- 
tent data, and store the related prepared con- 
tent files in said database device, 
said management apparatuses prepare key 
files storing said encrypted content key data 
and encrypted usage control policy data indi- 
cating the handling of said content data for the 
content data provided by corresponding data 
providing apparatuses and provide the related 
prepared key files to said data processing ap- 
paratus, 

said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of said content data 
stored in said distributed content files based on 
the related decrypted usage control policy data. 

275. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files and key files received from the related 
management apparatuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 



key data, prepare content files storing the relat- 
ed encrypted content data, prepare key files 
storing said encrypted content key data and en- 
crypted usage control policy data indicating the 
handling of said content data for the content da- 
ta provided by corresponding data providing 
apparatuses, and send said prepared content 
files and said prepared key files to correspond- 
ing data providing apparatuses, 
said data distribution apparatus distributes said 
content files and key files obtained from said 
database device to said data processing appa- 
ratus by using a predetermined communication 
protocol but in a format not depending upon the 
related communication protocol or by recording 
the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

276.A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and send the related prepared key files to cor- 
responding data distribution apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice and the key files provided from said man- 
agement apparatuses to said data processing 
apparatus by using a predetermined communi- 
cation protocol but in a format not depending 
upon the related communication protocol or by 
recording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed key files and de- 
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termines the handling of the content data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

277. A data providing method using a plurality of data 
providing apparatuses, a data distribution appara- 
tus, a plurality of management apparatuses, a da- 
tabase device, and a data processing apparatus, 
wherein 

said data providing apparatuses provide mas- 
ter sources of content data to corresponding 
management apparatuses and store content 
files received from the related management ap- 
paratuses in said database, 
said management apparatuses encrypt said 
master sources received from corresponding 
data providing apparatuses by using content 
key data, prepare content files storing the relat- 
ed encrypted content data, send the related 
prepared content files to said data providing ap- 
paratuses, prepare key files storing said en- 
crypted content key data and encrypted usage 
control policy data indicating the handling of 
said content data for the content data provided 
by corresponding data providing apparatuses, 
and provide the related prepared key files to 
said data processing apparatus, 
said data distribution apparatus distributes said 
content files obtained from said database de- 
vice to said data processing apparatus by using 
a predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said provided key files and de- 
termines the handling of thecontent data stored 
in said distributed content files based on the re- 
lated decrypted usage control policy data. 

278. A data providing method using a data providing ap- 
paratus, a data distribution apparatus, and a data 
processing apparatus, wherein 

said data providing apparatus provides a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 
said data distribution apparatus, performs 
charge processing in units of the content data 
based on log data received from said data 
processing apparatus, performs profit distribu- 
tion processing for distributing the profit paid by 
interested parties of said data processing ap- 
paratus to interested parties of the related data 
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providing apparatus and interested parties of 
said data distribution apparatus, 
said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data and usage control policy 
data stored in said provided first module to said 
data processing apparatus by using a predeter- 
mined communication protocol but in a format 
not depending upon the related communication 
protocol or by recording the same on a storage 
medium, and 

said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module, deter- 
mines the handling of said content data based 
on the related decrypted usage control policy 
data, prepares the log data for the handling of 
the related content data and sends the related 
log data to said data providing apparatus. 

279 .A data providing method using a data providing ap- 
paratus, a data distribution apparatus, a data 
processing apparatus, and a management appara- 
tus, wherein 

said data providing apparatus provides content 
data, 

said data distribution apparatus distributes said 
content file provided from said data providing 
apparatus or a content file in accordance with 
the content data provided by said data provid- 
ing apparatus received from said management 
apparatus to said data processing apparatus, 
and 

said data processing apparatus decrypts the 
usage control policy data stored in the key file 
received from said data distribution apparatus 
or said management apparatus, determines 
the handling of said content data stored in the 
content file received from said data distribution 
apparatus or said management apparatus 
based on the related decrypted usage control 
policy data, and further distributes said content 
file and key file received from said data distri- 
bution apparatus or said management appara- 
tus to the other data processing apparatus. 



280 7\ data providing system for distributing content da- 
ta from a data providing apparatus to a data 
so processing apparatus, wherein 

said data providing apparatus distributes a 
module storing content data encrypted by using 
content key data, said encrypted content key 
55 data, and encrypted usage control policy data 

indicating the handling of said content data in 
a format not depending upon at least one 
among existence of a compression of said con- 
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tent data, a compression method, a method of 
said encryption, and parameters of a signal giv- 
ing the content data to said data processing ap- 
paratus by using a predetermined communica- 
tion protocol but in a format not depending upon 
the related communication protocol or by re- 
cording the same on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed module and de- 
termines the handling of said content data 
based on the related decrypted usage control 
policy data. 

281 .A data providing system as set forth in claim 280, 
wherein 

said data providing apparatus distributes said 
module further storing a certification data of itself in 
a format not depending upon the method of produc- 
ing said certification data, 

282. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

said data providing apparatus distributes a first 
module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data in 
a format not depending upon at least one 
among existence of compression of said con- 
tent data, a compression method, a method of 
said encryption, and parameters of a signal giv- 
ing the content data to said data distribution ap- 
paratus, 

said data distribution apparatus distributes a 
second module storing said encrypted content 
data, content key data, and the usage control 
policy data stored in said provided first module 
to said data processing apparatus by using a 
predetermined communication protocol but in 
a format not depending upon the related com- 
munication protocol or by recording the same 
on a storage medium, and 
said data processing apparatus decrypts said 
content key data and said usage control policy 
data stored in said distributed second module 
and determines the handling of said content da- 
ta based on the related decrypted usage control 
policy data. 

283. A data providing system as set forth in claim 282, 
wherein said data providing apparatus provides 
said first module further storing its own signature 
data in a format not depending upon the method 
preparation of the signature data to said data distri- 
bution apparatus. 



284. A data providing system comprising a data provid- 
ing apparatus, a data distribution apparatus, and a 
data processing apparatus, wherein 

5 said data providing apparatus distributes a first 

module storing content data encrypted by using 
content key data, said encrypted content key 
data, and encrypted usage control policy data 
indicating the handling of said content data to 

10 said data distribution apparatus, 

said data distribution apparatus encrypts a plu- 
rality of second modules storing said encrypted 
content data, content key data, and the usage 
control policy data stored in said provided first 

15 module by using a common key obtained by 

mutual certification with said data processing 
apparatus, and then distributes the same to 
said data processing apparatus by using a pre- 
determined communication protocol but in a 

20 format not depending upon the related commu- 

nication protocol, and 

said data processing apparatus comprises a 
first processing circuit for decrypting said dis- 
tributed plurality of second modules by using 

25 said common key, selecting a single or a plu- 

rality of second modules from among the relat- 
ed decrypted plurality of second moduies, and 
performing charge processing with respect to a 
distribution service of said second modules and 

30 a tamper resistant second processing circuit re- 

ceiving said selected said second modules, de- 
crypting said content key data and said usage 
control policy data stored in the related second 
modules, and determining the handling of said 

35 content data based on the related decrypted 

usage control policy data. 

285. A data providing system as set forth in claim 284, 
wherein 

40 

said first processing circuit produces data dis- 
tribution use apparatus use log data relating to 
the distribution service of the second module 
performed by the data distribution apparatus to 
45 said data distribution apparatus and 

said data distribution apparatus performs 
charge processing based on that data distribu- 
tion apparatus use log data. 

50 286.A data providing system as set forth in claim 284, 

further comprising a management apparatus 
for managing said data providing apparatus, 
said data distribution apparatus, and said data 
55 processing apparatus, wherein 

said second processing circuit determines the 
handling of said content data, prepares usage 
log data in accordance with the determination, 
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and sends the usage log data to said manage- 
ment apparatus, and 

said management apparatus performs profit 
distribution processing for distributing the profit 
relating to the content data paid by an interest- 
ed party of the data processing apparatus 
based on the usage log data to interested par- 
ties of the data providing apparatus and the da- 
ta distribution apparatus based on the usage 
log data. 
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